The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to ins
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can cr
A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be execute
The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘processed-ids’ parameter in all versions up to, and including, 1.0.25 due to insu
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browse
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Framework darna-framework allows Reflected XSS.This issue affects Darna Framework: f
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to exe
A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuichiro ABE Meta Accelerator meta-accelerator allows Reflected XSS.This issue affects Meta Accele
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by Secu
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yesstreamingdev Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com shoutcast-and-ice
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the `filter` URL parameter is rende
The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and outp
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fie
WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Reflected
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to in
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sani