CVE-2021-29029

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/editpersonalpage.php URI...

CVE-2021-29009

A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter...

CVE-2021-29027

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI...

CVE-2021-29008

A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "totime" parameter...

CVE-2021-29031

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/usersimport.php URI...

CVE-2021-28417

A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "searchname" parameter...

CVE-2024-5962 Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...

CVE-2024-5962

CVE-2024-5962 is a reflected XSS in the authentication endpoint of multiple WSO2 products (e.g., WSO2 API Manager and WSO2 Identity Server) caused by missing output encoding of user input. The vulnerability can lead to arbitrary JavaScript execution in the authentication flow, potentially modifyi...

CVE-2021-27531

A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter...

CVE-2021-26812

Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...

CVE-2021-26710

A cross-site scripting XSS issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter...

CVE-2021-24425

The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...

CVE-2021-24309

The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the...

CVE-2021-24293

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call getcartitems via photocratiajax , after that the settingsshippingaddressname is able to inject malicious javascript...

CVE-2021-38708

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS...

CVE-2021-21259

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...

CVE-2021-20683

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVE-2021-32927

An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker...

CVE-2021-35488

Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...