WordPress plugin WooCommerce cross-site scripting vulnerability (CNVD-2015-01281)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...

CVE-2015-2069

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING in the wc-reports page to wp-admin/admin.php...

CVE-2014-10012

Cross-site scripting XSS vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

Cross site scripting

Cross-site scripting XSS vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

WordPress Another WordPress Classifieds Plugin - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the query string to the default URI. Solution Update the plugin...

PT-2015-3656 · WordPress · Wordpress Classifieds Plugin

Name of the Vulnerable Software and Affected Versions: Another WordPress Classifieds Plugin affected versions not specified Description: The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI, which is a cross-site scripting XSS...

IPCop Cross-Site Scripting Vulnerability

IPCop is a Linux-based firewall suite developed by IPCop team, which is mainly for home and SOHO users, providing firewall functions and allowing monitoring and management of various information through some TCP/IP business rules. A cross-site scripting vulnerability exists in versions prior to...

D-link IP camera DCS-2103 with firmware cross-site scripting vulnerability

D-link IP camera DCS-2103 is a camera for IP surveillance solution. A cross-site scripting vulnerability exists in D-link IP camera DCS-2103 with firmware versions prior to 1.20, which allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING parameter in vb.htm...

CVE-2014-9243

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal

This vulnerability is in the services/getfile.php, It allows the attackers to read arbitrary files in the QUERYSTRING in a getfile action to wp-admin/admin-ajax.php. Solution Update the plugin...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...

[SECURITY] Fedora 20 Update: nodejs-qs-0.6.6-3.fc20

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior and twice as fast. Used by express, connect and others...

[SECURITY] Fedora 19 Update: nodejs-qs-0.6.6-3.fc19

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior and twice as fast. Used by express, connect and others...

[SECURITY] Fedora 21 Update: nodejs-qs-0.6.6-3.fc21

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior and twice as fast. Used by express, connect and others...

CVE-2012-4226

Multiple cross-site scripting XSS vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Title, 2 Content, or 3 New category field to wordpress/ or 4 query string to wordpress/...

CVE-2012-4226

Multiple cross-site scripting XSS vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Title, 2 Content, or 3 New category field to wordpress/ or 4 query string to wordpress/...

CVE-2014-3080

Multiple cross-site scripting XSS vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to kvm.cgi or 2 the key parameter to avctalert.php...

Cisco WebEx Meetings Server Web Framework Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability occurs because sensitive information is passed in a query string. An attacker could exploit this vulnerability by viewing applicatio...

Envoy: Too much sensitive information in GET https://signwithenvoy.com/device_config/preview_badge

The page was loaded from a URL containing a query string:...

Design/Logic Flaw

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string...