669 matches found
CVE-2025-23664
Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS. This issue affects Real Seguro Viagem: from n/a through <= 2.0.5...
CVE-2025-23859 WordPress Daily Proverb plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jd7777 Daily Proverb daily-proverb allows Stored XSS. This issue affects Daily Proverb: from n/a through <= 2.0.3...
PT-2025-4872 · Go Social · Go Social
Name of the Vulnerable Software and Affected Versions: Go Social versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potentiall...
PT-2025-5060 · Unknown · Martijn Scheybeler Social Analytics
Name of the Vulnerable Software and Affected Versions: Martijn Scheybeler Social Analytics versions n/a through 0.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-3571 · Zenitel · Zenitel Alphaweb Xe
Name of the Vulnerable Software and Affected Versions: Zenitel AlphaWeb XE version 11.2.3.10 Description: An issue in the component /php/script uploads.php allows attackers to execute a directory traversal. Recommendations: For Zenitel AlphaWeb XE version 11.2.3.10, consider restricting access to...
CVE-2024-13323
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Orbit Fox by ThemeIsle cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress Modins theme < 1.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme Modins - Insurance & Finance WordPress Theme versions < 1.1.9...
Reflected Cross-Site Scripting (Reflected XSS)
Liferay Portal is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper handling of user input in the Dispatch name field, allowing remote attackers to execute arbitrary web script or HTML...
CVE-2024-52858
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2024-35891 · Yahoo · Max Engel Yahoo! Webplayer
Name of the Vulnerable Software and Affected Versions: Max Engel Yahoo! WebPlayer versions n/a through 2.0.6 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge or...
PT-2024-35839 · Unknown · April'S Call Posts
Name of the Vulnerable Software and Affected Versions: April's Call Posts versions n/a through 2.1.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
CVE-2024-11744
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to SQL injection. The attack can be launched remotely...
WordPress Friendly Functions for Welcart plugin <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Friendly Functions for Welcart versions <= 1.2.4...
The vulnerability in the l2tp.cgi script of the Netgear R8500, XR300, R7000P, and R6400 v2 router software allows a hacker to cause a service failure.
The vulnerability in the l2tp.cgi script of Netgear routers such as R8500, XR300, R7000P, and R6400 v2 lies in the copying of buffer data without checking the size of the input data during the processing of the l2tpuserip parameter. Exploiting this vulnerability allows a malicious actor to cause...
PT-2024-34311 · David Garcia · Domain Sharding
Name of the Vulnerable Software and Affected Versions: David Garcia Domain Sharding versions 1.2.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
SUSE CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...
The vulnerability of the cgi_user_add function in the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add allows a hacker to execute arbitrary commands. This vulnerability affects microprogrammed devices from the D-Link series: DNS-320, DNS-320LW, DNS-325, and DNS-340L.
The vulnerability of the cgi_user_add function in the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices is related to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this...
The vulnerability of the links.php script in the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability of the links.php script in the Cacti network monitoring software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the links.php script in the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability of the links.php script in the Cacti network monitoring software is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...