Lucene search

8 matches found

Snyk
added 2026/05/20 3:35 p.m. | 7 views

Cross-site Scripting (XSS)

Overview: symfony/html-sanitizer provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via incomplete URL attribute validation in UrlAttributeSanitizer. An attacke...

6.9 CVSS | 5.5 AI score
Exploits 0 | References 2
OSV
added 2024/09/25 4:15 a.m. | 3 views

CVE-2024-8515

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping ...

5.4 CVSS | 6 AI score | 0.00452 EPSS
Exploits 0 | References 9
WPVulnDB
added 2024/06/25 12:0 a.m. | 356 views

WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API

Description: WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting (XSS) attacks...

5.7 AI score
Exploits 0 | References 1
OSV
added 2024/04/17 12:15 p.m. | 3 views

CVE-2024-3333

The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS | 5.9 AI score | 0.00318 EPSS
Exploits 0 | References 2
WPVulnDB
added 2023/04/16 12:0 a.m. | 113 views

WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting

The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability. PoC: After setting up the plugin, visit the following URL: /wp-login.php?wplang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert0%0c...

6.1 AI score
Exploits 0 | References 2 | Affected Software 1
Fedora
added 2019/03/06 3:29 p.m. | 9 views

[SECURITY] Fedora 28 Update: drupal7-link-1.6-1.fc28

The link module is counted among the top 50 modules in Drupal installations and provides a standard custom content field for links. With this module, links can be added easily to any content types and profiles, and it includes advanced validation and different ways of storing internal or external links...

1.5 AI score
Exploits 0
Friends Of PHP
added 1970/01/01 12:0 a.m. | 5 views

CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

More info at https://symfony.com/cve-2026-45064...

5.8 AI score
Exploits 0 | Affected Software 1