27433 matches found
CVE-2025-6690
The WP Tournament Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘field’ parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-31808 · Intelbras · Intelbras Rx 1500 +1
Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 version 2.2.9; Intelbras RX3000 version 1.0.11. Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the name of a visiting Wi-Fi...
HP Officejet Pro 8500 Cross-site Scripting (CVE-2013-4845)
Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...
rsblog
Extension: RSBlog! Version: Old 1.14.4, 1.14.5 / New 1.14.6. Update details: Versions affected 1.11.6 to 1.14.5. Stored XSS allows remote authenticated attackers to inject arbitrary web script or HTML via the tag parameter. Fixed in 1.14.6. Update URL:...
CVE-2024-53288
CVE-2024-53288 is an XSS vulnerability in the NTP Region functionality of Synology Router Manager (SRM) versions prior to 1.3.1-9346-11. The issue allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. Affected product: Syno...
CVE-2024-53288
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...
CVE-2025-8015
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2025-51396
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...
CVE-2025-51403
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...
CVE-2025-50126
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 for Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jformtagstext parameter...
CVE-2025-50056 Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla
A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 for Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter...
CVE-2025-5754
CVE-2025-5754 affects the WordPress plugin Useful Tab Block – Responsive & AMP-Compatible. The vulnerability is a Stored Cross-Site Scripting (XSS) via the className parameter caused by insufficient input sanitization and output escaping. It requires authentication at Contributor level or higher...
WordPress Contest Gallery plugin cross-site scripting vulnerability
WordPress Contest Gallery plugin is a powerful plugin that is mainly used to organize all kinds of online contests in WordPress websites, supporting the uploading and displaying of photos, videos, audios, documents and other types of files. WordPress Contest Gallery plugin suffers from a cross-si...
CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter...
WordPress Team Showcase plugin cross-site scripting vulnerability
WordPress Team Showcase Plugin is a plugin for displaying team members on a website, which is mainly used on the official website of a business or studio to display core member information in a visual way to enhance the sense of trust. The WordPress Team Showcase plugin suffers from a cross-site...
PT-2025-29130 · Alteryx · Alteryx Server
Name of the Vulnerable Software and Affected Versions: Alteryx Server version 2023.1.1.460. Description: A cross-site scripting (XSS) issue exists in Alteryx Server. This allows remote attackers to inject arbitrary web script or HTML through the notification body. Recommendations: Update Alteryx...
CVE-2025-28245
Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...
D-Link DIR-645 injection vulnerability
D-Link DIR-645 is a Gigabit wireless router for home and SMB users launched by D-Link in 2012. The D-Link DIR-645 suffers from a command injection vulnerability that stems from the failure of the function ssdpcgimain in the file /htdocs/cgibin of the component ssdpcgi to correctly filter constructed...
CVE-2025-2540
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...