WordPress Spice Box Plugin < 2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Spice Box; Type: Plugin; Vulnerable versions: 2.2; Fixed in: 2.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 1d9a54925819; Credits: Rafie Muhammad Patchstack; Required privilege...
CVE-2023-37743
A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box...
CVE-2023-21260
In the notification access permission dialog box, a malicious application can embed a very long service label that overflows the original user prompt and possibly contains misleading information that appears as a system message for user confirmation...
PT-2023-26088 · Unknown · Teacher Subject Allocation System
Name of the Vulnerable Software and Affected Versions: Teacher Subject Allocation System version 1.0. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. Recommendations: For Teacher Subjec...
CVE-2020-36752
The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect nonce validation on the save_meta_box function. This makes it possible for unauthenticated attackers to save meta boxe...
CVE-2020-36752 Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery Bypass
The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect nonce validation on the save_meta_box function. This makes it possible for unauthenticated attackers to save meta boxe...
CVE-2020-36752
CVE-2020-36752 affects the WordPress plugin "Coming Soon & Maintenance Mode Page". The issue is a Cross-Site Request Forgery due to missing/incorrect nonce validation on the save_meta_box() function, enabling unauthenticated attackers to save meta boxes via forged requests if a site administrator...
PT-2023-11892 · WordPress · The Coming Soon Page & Maintenance Mode
Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save meta box function. This allo...
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS); Exploit Author: tmrswrr; Vendor Homepage: https://decapcms.org/docs/intro/; Software Link: https://github.com/decaporg/decap-cms; Version: 2.10.192; Tested on: https://cms-demo.netlify.com; Description: 1. Go to new post and write...
CVE-2023-36936
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box...
Cross site scripting
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box...
PT-2023-25743 · Unknown · Phpgurukul Online Security Guards Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Security Guards Hiring System version 1.0. Description: The issue allows attackers to execute arbitrary code via a crafted payload to the "search booking box" API endpoint. This is a Cross-Site Scripting (XSS) issue, which mean...
Online Security Guards Hiring System cross-site scripting vulnerability
Online Security Guards Hiring System is an online security guard hiring system. A security vulnerability exists in Online Security Guards Hiring System version 1.0, which can be exploited to execute arbitrary code via a search booking box...
CVE-2023-37153
CVE-2023-37153: KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description field of the Light App creation feature. An attacker can inject XSS syntax into the Description, causing script execution when the field is rendered. The available connected documents confirm ...
Weak Cryptography
github.com/bishopfox/sliver is vulnerable to weak cryptography. The vulnerability exists because it does not properly implement NaCl Box (libsodium), which allows an attacker to execute arbitrary code on implanted devices and intercept user responses...