ByteOS Network

webaware

Source -

NVDCNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-8622

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.03% / 8.02%

7 Day CHG~0.00%

Published-19 Aug, 2025 | 07:26

Updated-19 Aug, 2025 | 13:42

Flexible Maps <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode

The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-webaware

Product-Flexible Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-10117

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-3.5||LOW

EPSS-0.08% / 23.77%

7 Day CHG~0.00%

Published-06 Jun, 2023 | 02:00

Updated-06 Aug, 2024 | 08:58

Gravity Forms DPS PxPay Plugin cross site scripting

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664.

Vendor-webaware n/a

Product-gf_windcave_free Gravity Forms DPS PxPay Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')