CVE-2020-13828

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

VBulletin Persistent Cross Site Scripting

A cross-site scripting vulnerability exists in vBulletin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

WordPress Real-Time Find and Replace Plugin Cross-Site Scripting (CVE-2020-13641)

A cross-site scripting vulnerability exists in WordPress Real-Time Find and Replace Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

Dolibarr Persistent Cross Site Scripting (CVE-2020-13094)

A persistent cross site scripting vulnerability exists in Dolibarr. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVE-2019-7410

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

Cross site scripting

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

CVE-2019-6112

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...

CVE-2019-7410

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

CVE-2020-13278

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request...

Pydio Cells Cross-Site Scripting (CVE-2020-12849; CVE-2020-12853)

A cross site scripting vulnerability exists in Pydio Cells. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVE-2020-14962

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title aka imageTitle or Caption aka description field of an image to wp-admin/admin-ajax.php...

CVE-2020-14962

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title aka imageTitle or Caption aka description field of an image to wp-admin/admin-ajax.php...

Pandora FMS Persistent Cross-Site Scripting (CVE-2020-13853)

A persistent cross site scripting vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

Canon Oce Colorwave Printer Cross Site Scripting (CVE-2020-10667)

A cross-site scripting vulnerability exists in Canon Oce Colorwave printer. Successful exploitation of this vulnerability could allow a remote attacker to inject an arbitrary web script into the affected system...

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

CVE-2020-13627

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-13628

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-13627

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-10946

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-10946

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...