- It should not be possible for an attacker to inject AngularJS expressions by using curly braces. The application needs to either treat curly braces in user input as highly dangerous or avoid server-side reflection of user input entirely.
- WordPress Plugin BingImport Cross-Site Scripting (0.4)
- WordPress Plugin Google Doc Embedder Cross-Site Scripting (2.5.18)
- WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4)
- WordPress Plugin Caldera Forms-More Than Contact Forms Multiple Cross-Site Scripting Vulnerabilities (126.96.36.199)
- WordPress Plugin MF Gig Calendar 'page_id' Parameter Cross-Site Scripting (0.9.4.1)