1056 matches found
CVE-2024-10850
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...
Car Rental Portal /search.php file cross-site scripting vulnerability
Car Rental Portal is a rental car portal. Car Rental Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the /search.php file parameter searchdata, which can be exploited by an attacker to execute arbitrary...
CVE-2024-9585
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saveproject' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2024-9374
The CVE-2024-9374 entry describes a Reflected Cross-Site Scripting flaw in the WordPress Terms descriptions plugin (versions ≤ 3.4.6) caused by insufficient escaping in add_query_arg. This can allow unauthenticated attackers to inject scripts in pages executed when a user interacts (e.g., clickin...
CVE-2024-45262
GL-iNet devices affected (MT6000, MT3000, MT2500, AXT1800, AX1800) on version 4.6.2 have a vulnerability in the /rpc call where the params parameter allows arbitrary directory traversal, enabling script execution under arbitrary paths. Affected components: the /rpc endpoint’s params parameter. Im...
CVE-2024-30159
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting XSS attack due to insufficient validation of user input. A successful exploit could allow an attacker...
CVE-2024-35314
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance MiVB SVI 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...
CVE-2024-30160
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting XSS attack due to insufficient validation of user input. A successful exploit could allow ...
CVE-2024-35314
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance MiVB SVI 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...
CVE-2024-30160
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting XSS attack due to insufficient validation of user input. A successful exploit could allow ...
CVE-2024-35314
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance MiVB SVI 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...
PT-2024-39918 · WordPress · Add Widget After Content
Name of the Vulnerable Software and Affected Versions: Add Widget After Content plugin for WordPress versions up to, and including, 2.4.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...
U.S. Dept Of Defense: [ CVE-2018-1000129 ] RXSS At `https://███████` via the URI
The CVE-2018-1000129 vulnerability allowed remote cross-site scripting RXSS at the specified URL. The vulnerability was due to improper sanitization of user input, which enabled the execution of arbitrary scripts in the victim's browser...
CVE-2024-9232
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to...
CVE-2024-8499
The Checkout Field Editor Checkout Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘renderreviewrequestnotice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possib...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calendar event addition feature. An attacker can inject and execute arbitrary scripts by embedding malicious content into the calendar event name, which is not properly sanitized on output. Details...
CVE-2024-7846
YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts...
CVE-2024-45366
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...
CVE-2024-8907
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML XSS via a crafted set of UI gestures. Chromium security severity: Medium...
CVE-2024-8907
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML XSS via a crafted set of UI gestures. Chromium security severity: Medium...