
72 matches found

RedhatCVE
added 2026/05/12 2:27 a.m. · 4 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

CVSS 7.2 · AI score 6 · EPSS 0.00037
Exploits: 1 · References: 1

CVE
added 2026/04/08 4:27 a.m. · 7 views

CVE-2026-3239

CVE-2026-3239 concerns the WordPress plugin Strong Testimonials. All versions up to and including 3.2.21 are affected by a Stored Cross-Site Scripting (Stored XSS) via the plugin’s testimonial_view shortcode, caused by insufficient input sanitization and output escaping on user-supplied attribute...

CVSS 6.4 · AI score 6.1 · EPSS 0.00037
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 10:45 a.m. · 11 views

CVE-2022-0205

The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings available to users with a role as low as author before outputting them, leading to a Stored Cross-Site Scripting issue...

CVSS 5.4 · AI score 5.8 · EPSS 0.00197
Exploits: 2 · References: 1

RedhatCVE
added 2026/01/09 8:48 a.m. · 3 views

CVE-2025-23685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS. This issue affects RomanCart: from n/a through = 0.0.2...

CVSS 7.1 · AI score 7.2 · EPSS 0.0005
Exploits: 0 · References: 1

Cvelist
added 2025/11/12 6:0 a.m. · 5 views

CVE-2025-11560 Team Members Showcase < 3.5.0 - Reflected XSS

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

EPSS 0.00029
Exploits: 0 · References: 1

EUVD
added 2025/10/22 3:31 p.m. · 2 views

EUVD-2025-35470

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign Core u-design-core allows Reflected XSS. This issue affects UDesign Core: from n/a through = 4.14.0...

AI score 5.9 · EPSS 0.0003
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2008-1967

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.00539
Exploits: 1 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-9184

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.00161
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-19237

Malware in sbrugna...

CVSS 6.1 · AI score 6.7 · EPSS 0.0018
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-12738

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.03828
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-27400

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00042
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-15610

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.00288
Exploits: 2 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-29337

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 4.3 · EPSS 0.56313
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-4309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12,...

CVSS 6.1 · AI score 6.7 · EPSS 0.00548
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/12 7:59 a.m. · 4 views

CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

ONLYOFFICE Docs (DocumentServer) versions 8.3.1 and below are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...

AI score 5.9 · EPSS 0.04975
Exploits: 1 · References: 2

Cvelist
added 2025/06/06 12:53 p.m. · 13 views

CVE-2025-49243 WordPress ShiftNav – Responsive Mobile Menu plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark ShiftNav – Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through = 1.8...

CVSS 6.5 · EPSS 0.00143
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24092 · Widgetkit · Widgetkit

Name of the Vulnerable Software and Affected Versions: WidgetKit versions through 2.5.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scrip...

CVSS 6.5 · AI score 6.2 · EPSS 0.00143
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/22 9:3 p.m. · 4 views

CVE-2021-24438

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue...

CVSS 6.1 · AI score 6.1 · EPSS 0.0019
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 7:21 p.m. · 4 views

CVE-2021-24316

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue...

CVSS 6.1 · AI score 6.5 · EPSS 0.57424
Exploits: 2 · References: 1

Positive Technologies
added 2025/05/12 12:0 a.m. · 3 views

PT-2025-20721 · Schweitzer Engineering Laboratories · Sel Blueframe Os

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An issue exists where an authenticated user can submit scripting to fields that lack proper input and output sanitization, leading to subsequent client-side script execution. Recommendations...

CVSS 4.3 · AI score 5.7 · EPSS 0.00271
Exploits: 0 · References: 5