WBCE CMS 1.5.2 - Cross-Site Scripting

WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters. id: CVE-2022-30073 info: name: WBCE CMS 1.5.2 - Cross-Site Scripting author: arafatansari severity: medium description: | WBCE CMS 1.5.2 contains a stored cross-site scripting...

Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting

Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. id: CVE-2018-10141 info: name: Palo Alto Networks PAN-OS GlobalProtect 8.1.4 - Cross-Site Scripting autho...

CVE-2025-46703 Potential XSS in Extension:AtMentions

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

WordPress BruteGuard – Brute Force Login Protection plugin <= 0.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin BruteGuard – Brute Force Login Protection versions = 0.1.4...

WordPress WP-BibTeX plugin <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP-BibTeX versions = 3.0.1...

CVE-2024-46055

OpenVidReview 1.0 is vulnerable to Cross Site Scripting XSS in review names...

CVE-2024-46055

CVE-2024-46055 concerns the OpenVidReview 1.0 application, where the vulnerability is a Cross Site Scripting (XSS) issue in review names. The connected sources consistently describe XSS in OpenVidReview 1.0, but none provide concrete remediation details (e.g., patched versions) or specific exploi...

CVE-2024-50637

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...

CVE-2024-50637

CVE-2024-50637 affects UnoPim 0.1.3 and earlier. The vulnerability is Cross-Site Scripting (XSS) in the Create User function, exploitable via an SVG document to steal cookies. Affected versions are explicitly 0.1.3 and below; root cause is insufficient input validation in Create User handling of ...

CVE-2024-50637

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...

WordPress SrcSet Responsive Images for WordPress Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software SrcSet Responsive Images for WordPress Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51702 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c82eeab9d965 Credits João Pedro S...

CVE-2024-45933

OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) via the Title and summary fields in the /admin/post/edit/ endpoint. The vulnerability allows attackers to execute arbitrary code in the context of the affected site. The CVE records indicate a user-input‑driven XSS with a base CVSS v...

CVE-2024-45933

OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting XSS which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint...

CVE-2024-6920 Stored XSS in NAC Telecommunication's NACPremium

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS. This issue affects NACPremium: through 01082024...

CVE-2024-44684

TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting XSS in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields...

CVE-2024-44684

TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting XSS in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields...

CVE-2023-26211

An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module...

CVE-2024-43155 WordPress ComboBlocks plugin <= 2.2.86 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86...

en.vitalchem.com Cross Site Scripting vulnerability OBB-3949123

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

texaspanhandle.com.xx3.kz Cross Site Scripting vulnerability OBB-3948310

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...