Lack of output escaping for article titles leads to XSS vectors in various locations.
Lack of output escaping leads to a XSS vector in the content history component.
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
Lack of output escaping leads to a XSS vector in the feed modules.
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Lack of input filtering leads to an XSS vector in the HTML filter code.
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune insi
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captio
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is due to insufficient input s
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Capitalize My Title Capitalize My Title capitalize-my-title allows Stored XSS.This issue affects C
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Steman Page Title Splitter page-title-splitter allows Stored XSS.This issue affects Page Tit
Page 1+ Next →