12 matches found
CVE-2026-1804
The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-7499
The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-198517
A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window...
PT-2022-14084 · WordPress · Sticky Popup
Name of the Vulnerable Software and Affected Versions: Sticky Popup plugin for WordPress versions up to, and including, 1.2 Description: The issue is related to Stored Cross-Site Scripting via the popup title parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2018-15585
Cross-Site Scripting XSS vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...
CVE-2018-15585
GNUBOARD5 before 5.3.1.6 is affected by an XSS in newwinform.php via the popup title parameter. The issue enables remote attackers to inject arbitrary script/HTML in web pages. Affected product: GNUBOARD5; vulnerable component: newwinform.php (popup title). Root cause is unvalidated input in the ...
CVE-2018-15585
Cross-Site Scripting XSS vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...
PT-2019-9131 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 versions prior to 5.3.1.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the popup title parameter in the newwinform.php file. This enables attackers to perform Cross-Site Scripting XSS...
CVE-2018-15583
Cross-Site Scripting XSS vulnerability in pointlist.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...
Cross site scripting
Cross-Site Scripting XSS vulnerability in pointlist.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...
PT-2019-9129 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 versions prior to 5.3.1.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the popup title parameter in the point list.php file. This enables attackers to perform Cross-Site Scripting XSS...
DEBIAN-CVE-2008-0192
Multiple cross-site scripting XSS vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to 1 wp-admin/post.php or 2 wp-admin/page-new.php...