25 matches found
EUVD-2024-38541
Malicious code in bioql PyPI...
CVE-2025-45406
A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbar_time, and...
CVE-2025-7672
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix API modules potentially allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...
CVE-2020-2137
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2015-9405
The wp-piwik plugin before 1.0.5 for WordPress has XSS...
CVE-2025-26546
CVE-2025-26546: A CSRF to Stored XSS vulnerability in WordPress Cookies Pro (versions
CVE-2024-53759
CVE-2024-53759 refers to a CSRF to Stored Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin “ArCa Payment Gateway” (versions 1.3.1 and earlier). The issue arises from improper input neutralization during web page generation, enabling stored XSS. Affected software is the ArCa Paymen...
CVE-2024-49665
CVE-2024-49665 is a stored XSS in the WordPress plugin Web Bricks Addons for Elementor (versions
CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-38710
CVE-2024-38710: Stored XSS in Master Addons for Elementor (WordPress plugin) up to version 2.0.6.2. Root cause: improper neutralization during web page generation. Affected: Master Addons for Elementor. Impact: authenticated users may inject script that could be stored and served to other users;...
CVE-2024-32572 WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.6.0...
CVE-2024-31344
CVE-2024-31344 affects the Easy Login Styler – White Label Admin Login Page for WordPress plugin. The vulnerability is a Stored XSS due to improper input handling, affecting version range n/a–1.0.6. Exploit details are not publicly provided in the materials. Red Hat and Wordfence entries corrobor...
CVE-2024-30193
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through 4.1.17...
CVE-2022-3539 Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting
The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24541 Wonder PDF Embed < 1.7 - Contributor+ Stored XSS
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
Exploit Title: openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Date: 13/03/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.openmaint.org/ Software Link: https://sourceforge.net/projects/openmaint/files/2.1/Core%20updates/openmaint-2.1-3.3.1/ Version: 2.1-3...
OWOX, Inc.: Reflected XSS
Hi team, I have found an XSS at https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28/dashboard/?trial=activated Because the input is not properly filtered, resulting in XSS being executed Vulnerable area: ----- 6177527534dc114eb07fa829e4ce4d28 The URL will now be:...
Custom Field Suite <= 2.5.14 - Authenticated Cross-Site Scripting (XSS)
The Custom Field Suite WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...
Updated squirrelmail packages fix XSS-security vulnerability
Updated squirrelmail packages fix XSS-security vulnerability: It was discovered that some special tags have not been filtered accordingly which can be used for an XSS-attack...
comodo.bluesnap.com XSS vulnerability
Vulnerable URL: https://comodo.bluesnap.com/jsp/buynow.jsp?contractId=3209254=939126&custom2;=Y&custom3;=Comodo&custom6;=%22--!%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at 28.08.2017 Latest check for patch:| 28.08.2017 09:53 GMT Vulnerability...