📄 SPIP Cross Site Scripting

SPIP versions prior to 4.4.9 suffer from a persistent cross site scripting injection vulnerability in the editor. ============================================================================================================================================= | Title : SPIP before 4.4.9 Stored XSS...

CVE-2025-62961

CVE-2025-62961 describes a Missing Authorization / Broken Access Control vulnerability in the WordPress theme Sparkle FSE, affecting Sparkle FSE versions from n/a through 1.0.9. The connected sources consistently reference Sparkle FSE

CVE-2025-55104

A stored cross-site scripting XSS vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute ...

WordPress Blockington - Gutenberg Blocks for Full Site Editing Page Builder Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Blockington - Gutenberg Blocks for Full Site Editing Page Builder Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...