32 matches found
Cross-site Scripting (XSS)
Overview: weblate is a web-based continuous localization system with tight version control integration. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the search preview process. An attacker can execute arbitrary HTML or CSS in the authenticated editor interface ...
EUVD-2026-23974
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-4852 Image Source Control Lite – Show Image Credits and Captions <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'Image Source' Field
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-4852
The CVE-2026-4852 entry concerns the Image Source Control Lite – Show Image Credits and Captions WordPress plugin. Affected component: the Image Source attachment field. Root cause: insufficient input sanitization and output escaping. Impact: Stored Cross-Site Scripting that can be triggered when...
EUVD-2019-20050
AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to...
CVE-2025-9959
creationtimestamp| type| source
---|---|---
2026-02-27 13:46:21+00:00| seen| https://gist.github.com/YLChen-007/7146f45960f79bc1e2976fed526e0a9b
2026-02-27 13:47:21+00:00| seen| https://gist.github.com/YLChen-007/35b7d46e892266a0ed6dbe57802858be
2026-02-27 13:48:34+00:00| seen|...
CVE-2025-12138
creationtimestamp| type| source
---|---|---
2025-11-21 10:24:59+00:00| seen| https://gist.github.com/Darkcrai86/8892f5fe09a9ed77c3f8774d6debb184
2025-11-21 11:24:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m656asygki2x...
CVE-2025-34314
IPFire
CVE-2022-1194
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Title/Body Source/Button Text fields. An attacker can inject malicious scripts by crafting input that escapes the expected data...
CVE-2023-0874
creationtimestamp| type| source
---|---|---
2023-04-10 18:32:51+00:00| seen| https://t.me/cibsecurity/61749...
SUSE CVE-2018-3830
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
WBCE CMS Source Field Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. WBCE CMS v1.5.4 and earlier versions contain a cross-site scripting vulnerability; the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the Source field in the Modify Pa...
CVE-2022-45012
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field...
PT-2022-27367 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4. Description: A cross-site scripting (XSS) issue in the Modify Page module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. Recommendations: For WBCE CMS versi...
JEESNS Stored Cross-Site Scripting Vulnerability (CNVD-2021-74056)
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the editor's source field...
CVE-2020-20347
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module...
WTCMS Cross-Site Scripting Vulnerability
WTCMS is a content management system (CMS) based on ThinkPHP. WTCMS has a cross-site scripting vulnerability in the article source field under the article management module. No detailed vulnerability details are currently available...
kibana: Cross-site scripting via the source field formatter
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...