12 matches found
WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting
The Post Timeline WordPress plugin before version 2.2.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape an invalid nonce before outputting it back in an AJAX response, which could allow attackers to execute arbitrary JavaScript code in an...
PT-2026-22194
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, contains a flaw where a user's full name can be interpreted as raw HTML...
CVE-2025-23977
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Post Carousel Slider post-carousel-slider allows Stored XSS. This issue affects Post Carousel Slider: from n/a through <= 2.0.1...
EUVD-2019-7035
Malware in sbrugna...
CVE-2024-32564
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS. This issue affects PostX: from n/a through <= 4.0.1...
wordpress -- multiple issues
wordpress developers reports: Ten security issues affect WordPress versions 5.5.1 and earlier. If you haven't yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues: -Props to Alex Concha of the WordPress Security Team for their work in...
Mail.ru: [evo.my.com] Reflected XSS
Browser-specific reflected XSS via POST parameters in evo.my.com. evo.my.com is not covered by bug bounty scope...
Oracle Identity Management 10g (username) XSS POST Injection Vulnerability
Summary Oracle Identity Management enables organizations to effectively manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The Oracle Identity Management platform delivers scalable solutions for identity...
Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting
Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...
blogmev3.txt
vendor site:http://www.drumster.net/ product:Blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerables fields: - Name - URL - Comments laurent gaffié & benjamin mossé http://s-a-p.ca/ contact:...
astoreecom.txt
vendor site:http://www.webinhabit.com/ product:A+ Store E-Commerce bug:injection sql & xss post risk:medium injection sql get : http://site.com/browse.asp?ParentID='sql xss post : in /accountlogin.asp: username = '"alertdocument.cookie'"alertdocument.cookie passwd =...
PhpGuestbook <= 1.0 XSS
PhpGuestbook <= 1.0 XSS Post Comment:- Name: 'scriptalertdocument.cookie/script Website: Comment: 'scriptalertdocument.cookie/script Found By: Qex...