PT-2025-14969 · Unknown · Administrator Z

Name of the Vulnerable Software and Affected Versions: Administrator Z versions n/a through 2025.03.04 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. Recommendations: For versions n/a...

PT-2025-14231 · Smartarget · Smartarget Popup

Name of the Vulnerable Software and Affected Versions: Smartarget Popup versions 1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

PT-2025-7179 · Prezi · Prezi Embedder

Name of the Vulnerable Software and Affected Versions: Prezi Embedder versions prior to 2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject malicious scripts...

PT-2025-4620 · Unknown · Hesabfa Accounting

Name of the Vulnerable Software and Affected Versions: Hesabfa Accounting versions prior to 2.1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This means an attacker can inject malicious scripts...

PT-2025-4925 · Unknown · Rsvpmaker Volunteer Roles

Name of the Vulnerable Software and Affected Versions: RSVPMaker Volunteer Roles versions 1.5.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject malicious...

PT-2025-5054 · Unknown · Fures Xtra Settings

Name of the Vulnerable Software and Affected Versions: fures XTRA Settings versions n/a through 2.1.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected XSS. This means that an attacker can inject malicious scripts into the...

PT-2025-4989 · Unknown · Notfound Content Planner

Name of the Vulnerable Software and Affected Versions: NotFound Content Planner versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versions...

PT-2025-4705 · Unknown · Thorsten Krug Multilang Contact Form

Name of the Vulnerable Software and Affected Versions: Thorsten Krug Multilang Contact Form versions n/a through 1.5 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Reflected XSS...

PT-2025-2953 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 5.3.8 Description: The Silverstripe Framework, a PHP framework powering the Silverstripe CMS, has an intentional feature allowing form messages to contain HTML markup for links and other relevant...

PT-2025-4446 · Unknown · Cf7Save Extension

Name of the Vulnerable Software and Affected Versions: Cf7Save Extension versions prior to 1 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject malicious scripts into w...

PT-2025-4509 · Unknown · Hitesh Patel Metadata Seo

Name of the Vulnerable Software and Affected Versions: Hitesh Patel Metadata SEO versions n/a through 2.3 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker ca...

PT-2024-36481 · Unknown · Online Nurse Hiring System

Name of the Vulnerable Software and Affected Versions: Online Nurse Hiring System version 1.0 Description: A SQL injection issue was discovered in the /admin/profile.php component through the fullname parameter. This allows for potential exploitation. Recommendations: For Online Nurse Hiring Syst...

PT-2024-36126 · Unknown · Abcbiz Addons/Templates For Elementor

Name of the Vulnerable Software and Affected Versions: ABCBiz Addons and Templates for Elementor versions 2.0.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored Cross-site Scripting XSS vulnerability. This...

PT-2024-35032 · Unknown · What Would Seth Godin Do

Name of the Vulnerable Software and Affected Versions: What Would Seth Godin Do versions prior to 2.1.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This enables attackers to inject malicious...

PT-2024-35899 · Elementor · Codeless Cowidgets – Elementor Addons

Name of the Vulnerable Software and Affected Versions: Codeless Cowidgets – Elementor Addons versions prior to 1.2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This enables attackers to inject...

PT-2024-34935 · Unknown · Keymaster Chord Notation Free

Name of the Vulnerable Software and Affected Versions: Keymaster Chord Notation Free versions 1.0.2 and earlier Description: The issue affects the Keymaster Chord Notation Free plugin, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to the...

PT-2024-34440 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /admin/calendar of events.php endpoint, allowing remote attackers to execute arbitrary scripts via the date start...

PT-2024-34913 · Unknown · Elementsready Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor versions n/a through 6.4.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

PT-2024-34855 · Unknown · Narnoo Commerce Manager

Name of the Vulnerable Software and Affected Versions: Narnoo Commerce Manager versions 1.6.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...

PT-2024-34223 · Yith · Yith Woocommerce Product Add-Ons

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Product Add-Ons versions prior to 4.14.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations...