Show filters
346 Total Results
Displaying 41-50 of 346
Sort by:
Attacker Value
Unknown
CVE-2025-23871
Disclosure Date: January 16, 2025 (last updated January 17, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through 1.1.
0
Attacker Value
Unknown
CVE-2025-23841
Disclosure Date: January 16, 2025 (last updated January 17, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikos M. Top Flash Embed allows Stored XSS.This issue affects Top Flash Embed: from n/a through 0.3.4.
0
Attacker Value
Unknown
CVE-2025-23807
Disclosure Date: January 16, 2025 (last updated January 17, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS.This issue affects Spiderpowa Embed PDF: from n/a through 1.0.
0
Attacker Value
Unknown
CVE-2025-23513
Disclosure Date: January 16, 2025 (last updated January 17, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Joshua Wieczorek Bible Embed allows Stored XSS.This issue affects Bible Embed: from n/a through 0.0.4.
0
Attacker Value
Unknown
CVE-2024-13286
Disclosure Date: January 09, 2025 (last updated January 10, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2.
0
Attacker Value
Unknown
CVE-2024-11830
Disclosure Date: January 08, 2025 (last updated January 09, 2025)
The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown
CVE-2025-22554
Disclosure Date: January 07, 2025 (last updated January 08, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Franklin Video Embed Optimizer allows Stored XSS.This issue affects Video Embed Optimizer: from n/a through 1.0.0.
0
Attacker Value
Unknown
CVE-2025-22545
Disclosure Date: January 07, 2025 (last updated January 08, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sw-galati.ro iframe to embed allows Stored XSS.This issue affects iframe to embed: from n/a through 1.2.
0
Attacker Value
Unknown
CVE-2024-11749
Disclosure Date: January 07, 2025 (last updated January 07, 2025)
The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown
CVE-2024-56256
Disclosure Date: December 31, 2024 (last updated January 02, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Fragen Embed PDF Viewer allows Stored XSS.This issue affects Embed PDF Viewer: from n/a through 2.3.1.
0