27433 matches found
CVE-2025-1773
CVE-2025-1773 affects the WordPress Traveler theme (
WordPress amoCRM WebForm plugin cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin amoCR...
Rafed CMS security vulnerability
Rafed CMS is a blogging system from Rafed Inc. A security vulnerability exists in Rafed CMS version 1.44, which stems from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary web script or HTML via a specially crafted payload...
Italtel i-MCS NFV security vulnerability
Italtel i-MCS NFV is an IMS/NGN core and border suite from Italtel, Italy. A security vulnerability exists in Italtel i-MCS NFV version 12.1.0-20211215. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML...
TRENDnet TEW-929DRU /addschedule.htm page cross-site scripting vulnerability
The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU version 1.0.0.10 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the rname variable within the havesamename function on...
IBM Control Center Cross-Site Scripting Vulnerability
IBM Control Center is a centralized monitoring and management system from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Control Center versions 6.2.1 through 6.3.1, which stems from improper validation of the HOST header input, and can be exploited by an...
CVE-2025-1287 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient...
CVE-2025-27585
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update...
CVE-2025-27585
Technical details about CVE-2025-27585 are not provided in the connected documents. Please monitor for updates.
CVE-2024-9019
CVE-2024-9019 concerns the SecuPress Free — WordPress Security plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the secupress_check_ban_ips_form shortcode, caused by insufficient input sanitization and output escaping. Affected versions are all up to and including 2.2.5.3....
CVE-2024-11582
The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
Linksys E5600 PRF_Table_content Component Cross-Site Scripting Vulnerability
Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A cross-site scripting vulnerability exists in Linksys E5600 Ver.1.1.0.26. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
PT-2025-7371 · WordPress · Team Builder For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: The Team Builder For WPBakery Page Builder plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode due to insufficient input...
A vulnerability in the VirtualServer.asp CGI script in the D-Link DSL-3782 firmware allows an attacker to execute arbitrary commands.
The vulnerability in the VirtualServer.asp CGI script of the D-Link DSL-3782 router firmware stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CVE-2024-33528
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...
CVE-2024-31847
An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization...
CVE-2024-13506
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the displayname profile parameter in all versions up to, and including, 2.8.97 due to insufficient input sanitization and output escaping. This...
CVE-2021-4365
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and sanitisation all on the wpfmeditfiletitledesc AJAX action. This makes it possible for...
CVE-2024-25152
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
CVE-2024-25603
Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...