43 matches found
EUVD-2019-20179
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...
EUVD-2025-209900
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...
CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
CVE-2022-50947
The CVE-2022-50947 entry concerns WordPress Plugin Testimonial Slider and Showcase version 2.2.6. A stored XSS vulnerability exists in the post_title field due to insufficient sanitization, exploitable by authenticated editors with low privileges. Attackers with editor rights can inject JavaScrip...
WordPress Plugin Filterable Portfolio Gallery Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-33308
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-34598
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...
CVE-2026-4335
The ShortPixel Image Optimizer WordPress plugin (≤ 6.4.3) is vulnerable to Stored Cross-Site Scripting via the attachment post_title. The root cause is insufficient output escaping in getEditorPopup() and media-popup.php, where the attachment title retrieved from get_post() is inserted into an HT...
CVE-2026-33411 Discourse's solved topic stream has potential stored XSS in topic title
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...
WordPress Keep Backup Daily plugin <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title vulnerability discovered by san6051 - PWC in WordPress Plugin Keep Backup Daily versions <= 2.1.2...
WordPress Image Alt Text Manager plugin <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability discovered by WordFence in WordPress Plugin Alt Manager versions <= 1.8.2...
WordPress Gravity Forms plugin <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability discovered by hoshino in WordPress Plugin Gravity Forms versions <= 2.9.28...
CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
Siemens Polarion Cross-Site Scripting Vulnerability
Siemens Polarion is a software suite for application lifecycle management developed by the German company Siemens. This software supports end-to-end enterprise-level application development within a unified, modular, and browser-based software environment. Previous versions of Siemens Polarion,...
PT-2026-4779
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
WordPress SearchWiz plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title vulnerability discovered by WordFence in WordPress Plugin SearchWiz versions <= 1.0.0...
WordPress My Album Gallery plugin <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Image Title vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin My Album Gallery versions <= 1.0.4...
EUVD-2007-0804
Malware in sbrugna...
EUVD-2019-7519
Malware in sbrugna...