36 matches found
CVE-2010-0920
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...
EUVD-2010-0946
Malware in sbrugna...
EUVD-2020-29815
Malware in sbrugna...
PT-2025-22049 · Checkbot · Checkbot
Name of the Vulnerable Software and Affected Versions: CheckBot versions 1.05 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue in Ref CheckBot allows for Stored XSS. This means an attacker can execute malicious scripts on the victim's browser, potentially leading to unauthorized...
CVE-2025-47204
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability...
CVE-2025-31385 WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through <= 0.3...
CVE-2025-32502 WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through <= 1.4.0...
CVE-2025-32503
CVE-2025-32503 affects the WordPress plugin Link Shield (Link Shield) up to version 0.5.4, describing a stored Cross-Site Scripting vulnerability in input handling during web page generation. The vulnerability is listed as Cross-Site Scripting with a patch status of Unpatched in vendor/public sou...
CVE-2025-0522 LikeBot – Decentralized like-system <= 0.85 - Admin+ Stored XSS via CSRF
The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2025-23760 WordPress Chatter plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1...
CVE-2025-23558 WordPress Geotagged Media plugin <= 0.3.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in digitalfisherman Geotagged Media geotagged-media allows Stored XSS. This issue affects Geotagged Media: from n/a through <= 0.3.0...
CVE-2025-22506 WordPress Smart Agenda Plugin <= 4.7 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda smart-agenda-prise-de-rendez-vous-en-ligne allows Stored XSS. This issue affects Smart Agenda: from n/a through <= 4.7...
CVE-2024-8051 Special Feed Items <= 1.0.1 - Stored XSS via CSRF
The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
vacuum.com.au Cross Site Scripting vulnerability OBB-3636725
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-0603 Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
capelland.com Cross Site Scripting vulnerability OBB-3297498
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pacolealphotography.com Cross Site Scripting vulnerability OBB-3222489
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...