28 matches found
EUVD-2021-34789
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
CVE-2021-47927
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
CVE-2021-47927
CVE-2021-47927 affects the WordPress plugin WP Symposium Pro (version 2021.10). It describes a stored cross-site scripting (XSS) vulnerability in the wps_admin_forum_add_name parameter used during admin setup: authenticated attackers can submit a JavaScript payload via POST, which is stored and e...
CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
PT-2026-39503
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
WordPress plugin WP Symposium Pro 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2024-58344
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
CVE-2024-58344 Carbon Forum 5.9.0 Persistent XSS via Forum Name Field
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
CVE-2024-58344
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
CVE-2024-58344 Carbon Forum 5.9.0 Persistent XSS via Forum Name Field
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
CVE-2024-58344
Carbon Forum 5.9.0 contains a persistent XSS vulnerability via the Forum Name field in dashboard settings. Authenticated administrators can store JavaScript payloads that execute for users visiting the forum, enabling session hijacking and data theft. The document does not provide a remediation o...
PT-2026-34455
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
Carbon-Forum 跨站脚本漏洞
Carbon-Forum is a high-performance open-source forum software developed by Canbin Lin. Version 5.9.0 of Carbon-Forum contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting flaw, which could allow authenticated administrators to inject malicious...
Simple Machines Forum (SMF) <= 2.1.6 XSS Vulnerability
Simple Machines Forum SMF is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Forum Name parameter. An attacker can execute arbitrary web scripts or HTML by injecting crafted payloads. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “inject...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
PT-2025-52332
Name of the Vulnerable Software and Affected Versions Simple Machines Forum version 2.1.6 Description A stored cross-site scripting XSS issue exists in Simple Machines Forum. Successful exploitation allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the...