CVE-2025-61640

CVE-2025-61640 is a Cross-Site Scripting vulnerability in Wikimedia Foundation MediaWiki related to the file resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. It affects MediaWiki versions prior to 1.39.14, 1.43.4, and 1.44.1. The description in connected sources confirms an input handli...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

Improper Encoding or Escaping of Output

Overview django-tomselect is a Django autocomplete widgets and views using Tom Select Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in form widget input, including the labelfield parameter. An attacker can hide the contents between tags in code from...

CVE-2024-10091 ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

PT-2024-33179 · WordPress · Ultraaddons

Name of the Vulnerable Software and Affected Versions: UltraAddons – Elementor Addons plugin for WordPress versions up to, and including, 1.1.6 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...

CVE-2021-24143

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...