5 matches found
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify
Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
CVE-2025-6689
The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress plugin Pricing Tables For WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPre...
WordPress plugin Fancier Author Box by ThematoSoup 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fancier Author Box by ThematoSoup plugin 1.4 and earlier versions contain a cross-site scripting...
PT-2013-2197
Name of the Vulnerable Software and Affected Versions Rack versions 1.4.x through 1.4.4 Rack versions 1.5.x through 1.5.1 Description The issue allows attackers to access arbitrary files outside the intended root directory via a crafted PATH INFO environment variable, probably a directory travers...