Lucene search
K

15 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-8489

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...

6.4CVSS0.00241EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary...

6.1CVSS6.1AI score0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34806 Endian Firewall /cgi-bin/snat.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-25417 WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/27 8:28 p.m.20 views

CVE-2026-28338 PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...

6.8CVSS0.00297EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/31 11:11 p.m.7 views

CVE-2025-59131

Cross-Site Request Forgery CSRF vulnerability in hoernerfranz WP-CalDav2ICS wp-caldav2ics allows Stored XSS.This issue affects WP-CalDav2ICS: from n/a through = 1.3.4...

7.1CVSS5.9AI score0.00093EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:20 a.m.4 views

CVE-2025-12976 Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS4.7AI score0.00356EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.5 views

PT-2025-50830

The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2025-50213

Name of the Vulnerable Software and Affected Versions Coohom SaaS Platform version 1760060603897 2025-10-28 Description A stored Cross-Site Scripting XSS issue exists in the Account Settings module. The issue occurs because unsanitized user input in Address fields, specifically City, State, and...

5.4CVSS6.3AI score0.00163EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/22 9:45 a.m.7 views

CVE-2025-12160

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.2AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:0 a.m.3 views

CVE-2025-9541 Markup Markdown < 3.20.10 - Contributor+ Stored XSS

The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.2AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2025/09/06 4:16 a.m.8 views

CVE-2025-9442

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vodsChannel’ parameter in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00223EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/04 11:14 a.m.12 views

CVE-2025-41059 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tablesorter...

5.1CVSS0.00162EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/09/24 12:59 p.m.4 views

WordPress Graphicsly plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Graphicsly versions = 1.0.2...

6.4CVSS5.8AI score0.00308EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/08/14 2:15 p.m.1 views

CVE-2019-0335

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console, versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the...

6.1CVSS6.3AI score0.00807EPSS
Exploits0References2
Rows per page
Query Builder