27 matches found

NVD
added 2026/05/15 7:16 a.m. | 6 views

CVE-2026-6646

The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dtdefaultbutton' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes it...

CVSS 6.4 | EPSS 0.00047 | Exploits 0 | References 8

Positive Technologies
added 2026/05/15 12:0 a.m. | 7 views

PT-2026-41269

The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt default button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes i...

CVSS 6.4 | AI score 6 | EPSS 0.00047 | Exploits 0 | References 9

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-30203

Malware in sbrugna...

CVSS 5.5 | AI score 6.6 | EPSS 0.00388 | Exploits 1 | References 3

NVD
added 2025/09/12 6:15 a.m. | 2 views

CVE-2025-3650

The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators...

CVSS 3.5 | EPSS 0.00035 | Exploits 0 | References 1

Positive Technologies
added 2025/09/12 12:0 a.m. | 2 views

PT-2025-37291

Name of the Vulnerable Software and Affected Versions: jQuery Colorbox WordPress plugin versions through 4.6.3. Description: The jQuery Colorbox WordPress plugin utilizes the colorbox library, which lacks proper sanitization of title attributes on links. This allows users with contributor-level...

CVSS 3.5 | AI score 5.8 | EPSS 0.00035 | Exploits 0 | References 6

RedhatCVE
added 2025/05/23 4:4 a.m. | 4 views

CVE-2023-37307

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts...

CVSS 5.4 | AI score 6.8 | EPSS 0.00129 | Exploits 3

RedhatCVE
added 2025/05/22 4:54 p.m. | 3 views

CVE-2020-9382

An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget as defined by this extension via MediaWiki's widget: parser function...

CVSS 5.5 | AI score 7 | EPSS 0.00388 | Exploits 1 | References 1

OSV
added 2025/02/05 7:29 a.m. | 6 views

BIT-SUPERSET-2021-32609 XSS vulnerability on Explore page

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

CVSS 5.4 | AI score 5.2 | EPSS 0.01309 | Exploits 0 | References 2

Snyk
added 2025/01/21 9:9 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the generateNavigation function, which translates the XLSX file into an HTML representation and displays it in the response without proper sanitization for the sheet's title. Remediation: There is no fixed...

CVSS 6.1 | AI score 6.4 | EPSS 0.00706 | Exploits 4 | References 2

OSV
added 2024/07/31 6:15 a.m. | 2 views

CVE-2024-6408

The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

CVSS 5.4 | AI score 5.8 | Exploits 0 | References 1

NVD
added 2024/01/16 4:15 p.m. | 13 views

CVE-2022-2413

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a JavaScript payload into the slide title even when the unfiltered_html capability is...

CVSS 5.4 | AI score 5.4 | EPSS 0.00346 | Exploits 2 | References 1

ATTACKERKB
added 2023/09/12 1:15 p.m. | 1 views

CVE-2023-39150

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387...

CVSS 9.8 | AI score 7.7 | EPSS 0.00272 | Exploits 0 | References 3

ATTACKERKB
added 2023/06/30 5:15 p.m. | 0 views

CVE-2023-37307

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts...

CVSS 5.4 | AI score 6 | EPSS 0.00129 | Exploits 3 | References 5

ATTACKERKB
added 2022/06/20 11:15 a.m. | 3 views

CVE-2022-1266

The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.5 | EPSS 0.00282 | Exploits 2 | References 2

OSV
added 2021/10/25 2:15 p.m. | 3 views

CVE-2021-24744

The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...

CVSS 4.8 | AI score 5.8 | Exploits 0 | References 1

OSV
added 2021/10/18 3:15 p.m. | 14 views

CVE-2021-32609

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

CVSS 5.4 | AI score 5.4 | Exploits 0 | References 1

NVD
added 2021/10/18 3:15 p.m. | 8 views

CVE-2021-32609

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

CVSS 5.4 | EPSS 0.01309 | Exploits 0 | References 1

OSV
added 2021/10/18 3:15 p.m. | 18 views

PYSEC-2021-377

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

CVSS 5.4 | AI score 2.4 | EPSS 0.01309 | Exploits 0 | References 2

PyPA
added 2021/10/18 3:15 p.m. | 4 views

PYSEC-2021-377

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

CVSS 5.4 | AI score 6.9 | EPSS 0.01309 | Exploits 0 | References 2 | Affected Software 1

OSV
added 2021/05/11 12:15 p.m. | 2 views

CVE-2021-31903

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS...

CVSS 6.1 | AI score 6.4 | EPSS 0.00005 | Exploits 0 | References 2