149 matches found
EUVD-2021-29329
Malicious code in bioql PyPI...
EUVD-2024-47601
Malicious code in bioql PyPI...
EUVD-2025-28701
Malicious code in bioql PyPI...
EUVD-2024-32719
Malicious code in bioql PyPI...
EUVD-2024-51153
Malicious code in bioql PyPI...
EUVD-2024-34021
Malicious code in bioql PyPI...
EUVD-2024-32766
Malicious code in bioql PyPI...
EUVD-2024-33515
Malicious code in bioql PyPI...
CVE-2025-7727
The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-31915 · WordPress · Employee Directory
Name of the Vulnerable Software and Affected Versions: Employee Directory plugin for WordPress versions up to and including 4.5.1 Description: The Employee Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting through the noaccess msg parameter due to insufficient input...
CVE-2025-4968
The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line...
CVE-2025-4968 WPBakery Page Builder <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Page Builder Elements
The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line...
CVE-2025-6716 Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload1title' parameter in all versions up to, and including, 26.0.8...
CVE-2023-44915
CVE-2023-44915 affects c3crm up to version 3.0.4, where an XSS flaw in the /Login.php component allows crafted payloads in the login_error parameter to execute scripts. Several sources confirm the vulnerability class and affected component; Red Hat and NVD entries corroborate the same description...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-47040 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47021 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-5528 Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateormastodonshare parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4943
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-5292 Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent’ parameter in all versions up to, and including, 5.11.2 due to insufficient input...