EUVD-2026-36677

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-12202

Intelliants Subrion CMS (up to 4.0.3) is affected via the Blocks Endpoint, where manipulating the CSS class name can trigger cross-site scripting. The issue is exploitable remotely and a public exploit exists. Vendor did not respond to disclosure. Based on linked CVSS data, the impact is limited ...

PT-2026-49163

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

CVE-2025-14847-mongobleed CVE-2025-14847 mongobleed python fil...

Exploit for CVE-2026-5513

CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie...

WordPress WPSOLR <=8.6 - Cross-Site Scripting

WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credential...

myfactory FMS - Cross-Site Scripting

myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. id: CVE-2021-42565 info: name: myfactory FMS - Cross-Site Scripting author: madrobot,daffainfo severity: medium description: | myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. impact: |...

WordPress Plugin DukaPress 2.5.2 - Directory Traversal

A directory traversal vulnerability in the dpimgresize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the src parameter to lib/dpimage.php. id: CVE-2014-8799 info: name: WordPress Plugin...

WordPress Spreadsheet - Cross-Site Scripting

WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php. id: CVE-2013-6281 info: name: WordPress Spreadsheet - Cross-Site Scripting author: random-robbie severity: medium description: | WordPress Spreadsheet plugin contai...

Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...

Grav CMS <1.3.0 - Cross-Site Scripting

Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin/tools. id: CVE-2018-5233 info: name: Grav CMS 1.3.0 - Cross-Site Scripting author: pikpikcu severity:...

Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting

The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. id: CVE-2017-18527 info: name: Pagination by BestWebSoft 1.0.7 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. impact: |...

Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting

The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. id: CVE-2017-18502 info: name: Subscriber by BestWebSoft 1.3.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. impact: |...

Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

Rating by BestWebSoft < 0.2 - Cross-Site Scripting

The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18530 info: name: Rating by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. impact: |...

LinkedIn by BestWebSoft < 1.0.5 - Cross-Site Scripting

The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18516 info: name: LinkedIn by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues. impact:...

Timesheet Plugin < 0.1.5 - Cross-Site Scripting

The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. id: CVE-2017-18590 info: name: Timesheet Plugin 0.1.5 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. impact: | Authenticated...

Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting

WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-30194 info:...