CVE-2021-34655

The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the /inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11...

WordPress 跨站请求伪造漏洞

WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. function in the /news-plugin.php file is vulnerable to a cross-site request forgery attack, which...

CVE-2021-34632

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the locconfig function found in the /seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1...

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin, which stems from the vulnerability to cross-site request forgery via the OptionsPage function in the php settings.php file, which allows an attacker to inject arbitrary we...

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin admin-custom-login, which stems from the fact that the Admin Custom Login WordPress plugin is susceptible to cross-site request forgery attacks due to the loginbgSave found...

Cross site scripting

Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress's WP suffers from a cross-site scripting vulnerability that can be exploited by attackers ...

GHSA-RCP4-JM2V-MR3F Cross-site scripting in Shopizer

A stored cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...

GHSA-24P5-X9F9-VVPX Cross-site Scripting (XSS) in baserCMS

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

YzmCMS 跨站脚本漏洞

YzmCMS is a lightweight open source content management system based on PHP+Mysql architecture developed by Yuan Zhimeng alone. YzmCMS 5.8 version of the /admin/systemmanage/userconfigedit.html page there is a cross-site scripting vulnerability, an attacker can use the vulnerability to inject...

Mozilla Firefox 跨站脚本漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Firefox 3.6.24 and versions between 4.x and 7. An attacker can exploit this vulnerability to inject arbitrary web script or HTML to execute client-side co...

CVE-2020-26642

A cross-site scripting XSS vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML...

CVE-2021-20725

Reflected cross-site scripting vulnerability in the admin page of Calendar01 free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20680

Cross-site scripting vulnerability in NEC Aterm devices Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier,...

Mblog Cross-Site Scripting Vulnerability (CNVD-2021-26163)

Mblog is an open source Java blog system , support for multi-user , support for switching themes. Mblog 3.5 has a cross-site scripting vulnerability , the vulnerability stems from post editing via the post content field . An attacker can use this vulnerability to inject arbitrary Web script or HT...

Mcafee McAfee ePolicy Orchistrator 跨站脚本漏洞

McAfee ePolicy Orchistrator ePO is a suite of scalable security management software from McAfee. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. A cross-site scripting vulnerability exists in McAfee ePolicy Orchestrator ePO...

Micro Focus Solutions Business Manager 跨站脚本漏洞

Micro Focus Solutions Business Manager SBM, Serena Business Manager is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A cross-site...

Cross site scripting

Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors...

CVE-2021-20619

Cross-site scripting vulnerability in GROWI v4.2 Series versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors...