154 matches found
CVE-2015-20119
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...
CVE-2026-2486
The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
Huawei HarmonyOS OS Command Injection Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS 0.1.0 version exists operating system command injection vulnerability, the vulnerability stems from the function inputtext parameter text...
CVE-2021-47906
CVE-2021-47906 affects BloofoxCMS 0.5.2.1, with a stored cross-site scripting (XSS) vulnerability in the articles text parameter. The root cause is unfiltered user input in the text field, allowing authenticated attackers to inject JavaScript payloads that can execute in other users’ browsers and...
CVE-2021-47906 BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...
PT-2026-4519
Name of the Vulnerable Software and Affected Versions BloofoxCMS version 0.5.2.1 Description BloofoxCMS contains a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through the text parameter in the articles section. This allows for the execution of scripts a...
PT-2025-52572
Name of the Vulnerable Software and Affected Versions WishSuite versions up to and including 1.5.1 Description The WishSuite plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the 'button text' parameter of the...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
PT-2025-51274
Name of the Vulnerable Software and Affected Versions MicroStudio version 24.01.29 Description A HTML Injection issue exists in the comment section of the project page. This allows remote attackers to inject arbitrary web script or HTML through the text parameter of the add project comment...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
CVE-2025-51962 describes an HTML Injection in MicroStudio 24.01.29’s project page comments. The vulnerability arises in the add_project_comment function, allowing remote attackers to inject arbitrary scripts/HTML via the text parameter. CVSSv3.1 base score 6.1 (Medium) with NETWORK attack vector,...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-14477 404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter
The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the filterText paramet...
PT-2025-49866
Name of the Vulnerable Software and Affected Versions Social Reviews & Recommendations plugin for WordPress versions prior to 2.6 Description The Social Reviews & Recommendations plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and...
EUVD-2025-201518
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13857
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-49347
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...