174954 matches found
CVE-2026-57755 WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...
JustRows WordPress - Cross-Site Scripting
JustRows free WordPress plugin v0.2 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
Site Reviews < 7.2.5 - Unauthenticated Stored XSS
Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...
WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions = 1.2...
CVE-2026-13704
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-54720
Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...
CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
CVE-2026-34098 Guardian Language-System XSS via id Parameter in media.php
Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
WordPress Optimole plugin <= 4.2.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Optimole versions = 4.2.7...
DEBIAN-CVE-2026-50229
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Designer Pro versions = 1.9.34...
CVE-2026-50765
A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...
CVE-2026-57431
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
CVE-2026-57317
CVE-2026-57317 affects the WordPress plugin Simply Schedule Appointments (versions
CVE-2026-56044 WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...
CVE-2026-50765
CVE-2026-50765 is a Cross-Site Scripting (XSS) vulnerability in Koha Library Management System (through version 25.11) affecting the patron restriction type administration page. An authenticated administrator can inject arbitrary scripts via the restriction type label (display_text field). The is...
AlmaLinux 9 : python3.14 (ALSA-2026:28247)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28247 advisory. python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open API CVE-2026-4786 python: Python: Cross-Site Scripting XSS...