EUVD-2026-9016

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...

CVE-2026-25935

Technical details for CVE-2026-25935 (Vikunja XSS prior to 1.1.0) are not provided in the supplied documents. Monitor for updates and refer to the fixed version 1.1.0 for remediation context.

CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

PT-2026-4534

Name of the Vulnerable Software and Affected Versions Sourcecodester Domain Availability Checker version 1.0 Description A DOM-based Cross-Site Scripting XSS issue exists in the DomainCheckerApp class within the domain/script.js file. The application does not properly handle user-supplied data in...

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...