5087 matches found

NVD
added 2024/01/23 6:15 p.m. | 20 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

CVSS 6.1 | AI score 6.2 | EPSS 0.00446
Exploits: 1 | References: 2

Prion
added 2024/01/23 6:15 p.m. | 17 views

Cross site scripting

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

CVSS 5.8 | AI score 6.9 | EPSS 0.00446
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2024/01/23 12:0 a.m. | 38 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

AI score 6.4 | EPSS 0.00446
Exploits: 1 | References: 2

CVE
added 2024/01/23 12:0 a.m. | 51 views

CVE-2023-45889

CVE-2023-45889 is a UXSS vulnerability in ClassLink OneClick Extension up to version 10.8, allowing remote injection of JavaScript into arbitrary web pages. The issue stems from an incomplete fix of CVE-2022-48612, as noted across multiple sources (including Red Hat and CVE entries). Affected sof...

CVSS 6.1 | AI score 6.2 | EPSS 0.00446
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/01/23 12:0 a.m. | 2 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

AI score 6.9 | EPSS 0.00446
Exploits: 1 | References: 2

VulnCheck KEV
added 2024/01/22 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-24290

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages...

CVSS 6.1 | AI score 6.4 | EPSS 0.00826
Exploits: 1 | References: 1

CNNVD
added 2024/01/19 12:0 a.m. | 3 views

StrangeBee TheHive Security Vulnerability

TheHive is a scalable open source security incident response platform. A security vulnerability exists in StrangeBee TheHive versions 5.2.0 through 5.2.8. An attacker exploited the vulnerability to insert malicious JavaScript code into a template or its variables...

CVSS 5.4 | AI score 6.9 | EPSS 0.00289
Exploits: 0 | References: 2

NVD
added 2024/01/16 4:15 p.m. | 10 views

CVE-2022-3194

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...

CVSS 5.4 | AI score 5.2 | EPSS 0.00491
Exploits: 2 | References: 1

Vulnrichment
added 2024/01/16 3:56 p.m. | 2 views

CVE-2023-4757 Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious JavaScript which could...

AI score 5.6 | EPSS 0.00395
Exploits: 2 | References: 1

Vulnrichment
added 2024/01/16 3:53 p.m. | 6 views

CVE-2022-3194 Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...

AI score 5.2 | EPSS 0.00491
Exploits: 2 | References: 1

CVE
added 2024/01/16 3:49 p.m. | 64 views

CVE-2022-2413

The CVE-2022-2413 issue affects the Slide Anything WordPress plugin prior to 2.3.47. Root cause: the slide title is not properly sanitized/escaped before output in admin pages, enabling a logged-in user with roles as low as Author to inject JavaScript payloads. Impact: cross-site scripting in adm...

CVSS 5.4 | AI score 5.4 | EPSS 0.0053
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2024/01/16 12:0 a.m. | 2 views

WordPress plugin Slide Anything Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 5.4 | AI score 6.6 | EPSS 0.0053
Exploits: 2 | References: 2

Positive Technologies
added 2024/01/16 12:0 a.m. | 5 views

PT-2024-11527 · WordPress · Slide Anything

Name of the Vulnerable Software and Affected Versions: Slide Anything WordPress plugin versions prior to 2.3.47 Description: The issue arises from the improper sanitization or escaping of the slide title before it is outputted in the admin pages. This allows a logged-in user with roles as low as...

CVSS 5.4 | AI score 5.3 | EPSS 0.0053
Exploits: 2 | References: 5

CNNVD
added 2024/01/16 12:0 a.m. | 2 views

WordPress plugin Dokan security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability previously...

CVSS 5.4 | AI score 6.1 | EPSS 0.00491
Exploits: 2 | References: 2

Wordfence Blog
added 2024/01/15 1:6 p.m. | 13 views

Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin

On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript tha...

AI score 6.4
Exploits: 0

Veracode
added 2024/01/12 6:5 a.m. | 19 views

Cross Site Scripting (XSS)

github.com/gofiber/template is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper validation and sanitization of user input via the template engine. This issue can be exploited by an attacker by injecting malicious JavaScript via the template engine, resulting in XSS...

CVSS 9.3 | AI score 6.3 | EPSS 0.00484
Exploits: 0 | References: 2 | Affected Software: 1

VulnCheck KEV
added 2024/01/10 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2023-6000

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...

CVSS 6.1 | AI score 7 | EPSS 0.01999
Exploits: 4 | References: 1

EUVD
added 2024/01/01 2:18 p.m. | 8 views

EUVD-2023-58267

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...

CVSS 6.1 | AI score 6.6 | EPSS 0.01999
Exploits: 4 | References: 2

Vulnrichment
added 2024/01/01 2:18 p.m. | 6 views

CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...

AI score 6.3 | EPSS 0.01999
Exploits: 4 | References: 2

Veracode
added 2023/12/29 8:10 a.m. | 18 views

Stored Cross Site Scripting (XSS)

Winter CMS is vulnerable to Stored Cross Site Scripting (XSS). The vulnerability is due to improper sanitization within the rename functionality of files after uploads to the Media Manager. This issue can be exploited by an attacker with the media.managemedia permission to upload a file and later...

CVSS 4.8 | AI score 6.3 | EPSS 0.00311
Exploits: 0 | References: 2 | Affected Software: 1