935 matches found
CVE-2024-47801
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause a malicious script to be executed on the web browser...
PT-2024-32820 · Sharp +1 · Sharp Mfps +1
Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL...
PT-2024-33375 · Unknown · Adif Log Search Widget
Name of the Vulnerable Software and Affected Versions: ADIF Log Search Widget versions 1.0f and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS in the ADIF Log Search Widget...
WordPress DPD Baltic Shipping plugin <= 1.2.83 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin DPD Baltic Shipping versions <= 1.2.83...
PT-2024-33448 · Digitally · Digitally
Name of the Vulnerable Software and Affected Versions: Digitally versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For versions 1.0.8...
CVE-2017-20193
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendordescription' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
PT-2024-39740 · WordPress · Locatoraid Store Locator
Name of the Vulnerable Software and Affected Versions: Locatoraid Store Locator plugin for WordPress versions up to, and including, 3.9.47 Description: The issue is related to Reflected Cross-Site Scripting via $_POST keys due to insufficient input sanitization and output escaping. This allows...
WordPress Tainacan plugin <= 0.21.10 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Tainacan versions <= 0.21.10...
CVE-2024-9435
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2024-29432 · Cadclick · Cadclick
Name of the Vulnerable Software and Affected Versions: CADClick versions 1.11.0 and earlier Description: A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" allows remote attackers to inject arbitrary web script or HTML via the wer parameter. This flaw lets remote attackers...
PT-2024-39584 · WordPress · Auto Amazon Links – Amazon Associates Affiliate Plugin
Name of the Vulnerable Software and Affected Versions: The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress versions up to, and including, 5.4.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate...
PT-2024-39581 · WordPress · The Product Delivery Date For Woocommerce – Lite
Name of the Vulnerable Software and Affected Versions: The Product Delivery Date for WooCommerce – Lite plugin for WordPress versions up to, and including, 2.7.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the...
PT-2024-39506 · WordPress · Loggedin – Limit Active Logins
Name of the Vulnerable Software and Affected Versions: Loggedin – Limit Active Logins plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows...
PT-2024-39251 · WordPress · Auto Featured Image From Title
Name of the Vulnerable Software and Affected Versions: Auto Featured Image from Title plugin for WordPress versions prior to 2.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows unauthenticated...
WordPress plugin Auto Featured Image from Title cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
WordPress GTM Server Side plugin <= 2.1.19 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin GTM Server Side versions <= 2.1.19...
CVE-2024-6018
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
SAP S/4HANA cross-site scripting vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A cross-site scripting vulnerability exists in SAP S/4HANA that stems from weak coding of user control inputs and e-procurement on SAP S/4HANA that allows the execution of...
CVE-2024-6020
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...
CVE-2024-7354
The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...