CVE-2026-26351

GetSimpleCMS Community Edition CE version 3.3.16 contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encoding. While other fields ar...

CVE-2026-26351 GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php

GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...

PT-2026-4588

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get template' shortcode. This is due to insufficient path validation on user-supplied input passed to the get template part functio...

EUVD-2011-5092

Malware in sbrugna...

EUVD-2018-7700

Malware in sbrugna...

EUVD-2025-25732

Malicious code in bioql PyPI...

EUVD-2025-28749

Malicious code in bioql PyPI...

CVE-2025-9131

The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-9131

The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-9131

CVE-2025-9131 (Ogulo – 360° Tour, WordPress) Vulnerability type: Stored Cross-Site Scripting via the slug parameter in all versions up to and including 1.0.11. Exploitation requires authenticated access at Contributor level or higher; attacker can inject scripts that run when pages are viewed by ...

CVE-2025-9131 Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter

The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-9131 Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter

The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

Vvveb 代码注入漏洞

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A code injection vulnerability exists in Vvveb 1.0.5 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter slug in the...

CVE-2025-6540

The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVE-2025-6540

The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVE-2025-6540 web-cam <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter

The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVE-2025-6540 web-cam <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter

The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVE-2025-6540

CVE-2025-6540 relates to the WordPress plugin “web-cam” (versions up to 1.0). It is a Stored Cross-Site Scripting (Stored XSS) vulnerability via the slug parameter caused by insufficient input sanitization and output escaping. Exploitation requires at least Contributor-level authentication, and t...

Cross-site Scripting (XSS)

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the MediaStreamController's downloadAction method. An attacker can inject arbitrary code by...

CVE-2024-3200

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...