CWE-80: CWE-80

The WPBakery Page Builder WordPress plugin has a stored XSS vulnerability in the vc_custom_heading shortcode. Authenticated attackers with contributor...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious JavaScript code via the WPBakery P...

The Yoast SEO Premium WordPress plugin versions 25.7 to 25.9 contain a stored cross-site scripting vulnerability due to improper input sanitization. A...

This stored XSS vulnerability in the Eulerpool Research Systems WordPress plugin allows authenticated attackers with contributor-level access or highe...

The Memberlite Shortcodes WordPress plugin has a stored XSS vulnerability in its 'row' shortcode that allows authenticated attackers with contributor-...

The Mosaic Generator WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with Contributor-level access or higher to in...

The Download Manager WordPress plugin has a stored XSS vulnerability in all versions up to 3.3.18. Authenticated attackers with author-level access or...

The Subpage List WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with contributor-level access or higher to inject...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into team member social li...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious JavaScript into pages using the Si...

The Responsive Video WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with contributor-level access or higher to in...

This Cross-Site Scripting (XSS) vulnerability in the WoodMart WordPress theme allows attackers to inject malicious scripts into web pages. It affects ...

This CVE describes a cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 that allows attackers to inject and execute malicious web s...

This vulnerability allows attackers to inject malicious scripts into web pages through the Stockie Extra WordPress plugin. When exploited, it enables ...

This CVE describes a cross-site scripting (XSS) vulnerability in Apache SkyWalking where malicious script tags can be injected into web pages. It affe...

This vulnerability allows attackers to inject malicious scripts into web pages through the Easy Appointments WordPress plugin. It affects all WordPres...

Bruno API IDE versions before 1.39.1 contain a cross-site scripting vulnerability where environment names are injected as raw HTML. This allows execut...

This Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail allows authenticated users to upload malicious files as email attachments. When rec...

The Sikshya LMS WordPress plugin has a reflected cross-site scripting vulnerability in the 'page' parameter that allows unauthenticated attackers to i...

This cross-site scripting (XSS) vulnerability in Cisco Webex Meetings allows an unauthenticated attacker to execute malicious JavaScript in users' bro...

The SEUR Oficial WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability in all versions up to 2.2.11. Unauthenticated attacker...

This vulnerability allows unauthenticated remote attackers to execute cross-site scripting (XSS) attacks against users accessing Cisco ASA/FTD VPN web...

The Store Hours for WooCommerce WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability that allows unauthenticated attackers t...

This vulnerability allows attackers to inject malicious scripts into web pages through improper input sanitization in TE Informatics V5 software. When...

This vulnerability allows attackers to inject malicious scripts into WordPress websites using the Flag Icons plugin. When executed, these scripts can ...

This vulnerability allows attackers to inject malicious scripts into the profile.php page of Code-projects Online Class and Exam Scheduling System V1....

CVE-2024-54128 is an HTML injection vulnerability in Directus's comment feature due to client-side filtering that can be bypassed. This allows attacke...

This vulnerability in django Filer allows attackers to upload malicious files and execute stored cross-site scripting (XSS) attacks. It affects websit...

This CVE describes a stored cross-site scripting (XSS) vulnerability in LinkAce's Atom feed endpoint for lists. An authenticated user can inject malic...

This is a cross-site scripting (XSS) vulnerability in Vikunja todo application where malicious HTML/JavaScript can be injected into task descriptions....

A HTML injection vulnerability in Cacti's file upload functionality allows attackers to inject arbitrary HTML elements into error popups when uploadin...

IBM Application Gateway versions 23.10 through 25.09 are vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes in us...

This vulnerability allows attackers to inject malicious scripts into web pages through the Easy Media Download WordPress plugin. It affects all WordPr...

IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 contain an HTML injection vulnerability that allows attackers to inject malicious HTML code. When ...

CVE-2025-66450 is a stored cross-site scripting (XSS) vulnerability in LibreChat where attackers can inject malicious code via the iconURL parameter. ...

This vulnerability allows malicious users to bypass Nextcloud's Content Security Policy (CSP) by tricking users into viewing specially crafted SVG fil...

This stored XSS vulnerability in the Slippy Slider WordPress plugin allows authenticated attackers with contributor-level access or higher to inject m...

IBM OpenPages versions 9.0 and 9.1 with Watson are vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes in victims'...

IBM OpenPages 9.1 and 9.0 contains an HTML injection vulnerability that allows authenticated attackers to inject malicious HTML code. When victims vie...

This stored XSS vulnerability in Cisco ISE and ISE-PIC web management interfaces allows authenticated attackers to inject malicious scripts that execu...

IBM Informix Dynamic Server versions 12.10 and 14.10 contain an HTML injection vulnerability that allows remote attackers to inject malicious HTML cod...

IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 are vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes i...

HCL DevOps Deploy/Launch is vulnerable to HTML injection, allowing authenticated users to embed arbitrary HTML in the web interface. This could lead t...

This Cross-Site Scripting (XSS) vulnerability in the Ella van Durpe Slides & Presentations WordPress plugin allows attackers to inject malicious scrip...

IBM Cognos Analytics is vulnerable to HTML injection where attackers can inject malicious HTML that executes in victims' browsers. This affects IBM Co...

This vulnerability allows an authenticated attacker to inject malicious scripts into Cisco Webex Teams via crafted usernames, potentially stealing sen...

This stored XSS vulnerability in Cisco AsyncOS web management interfaces allows authenticated attackers to inject malicious scripts that execute when ...

This vulnerability allows attackers to inject malicious scripts into web pages created by the ARI Stream Quiz WordPress plugin. When exploited, it ena...

This vulnerability allows attackers to inject malicious scripts into web pages using the WP Darko Responsive Tabs WordPress plugin. When exploited, it...

CVE-2022-1274 is an HTML injection vulnerability in Keycloak's execute-actions-email endpoint that allows attackers to inject arbitrary HTML into emai...