CVE-2023-5210
The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5141
The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the insertedcount parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5211
The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability...
CVE-2023-4250
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-27038 · WordPress · Winters Theme
Name of the Vulnerable Software and Affected Versions: Winters theme for WordPress versions up to, and including, 1.4.3. Description: The issue is related to Reflected Cross-Site Scripting via prototype pollution due to insufficient input sanitization and output escaping. This allows unauthenticat...
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...
CVE-2023-41691
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin = 6.3.1 versions...
CVE-2023-41236
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin = 2.8.0 versions...
CVE-2022-4137
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...
CVE-2023-40618
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7, as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in...
Exploit for Cross-site Scripting in Moosocial
mooSocial: XSS CVE-2023-43326 A reflected cross-site scripti...
CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms, from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Cecil Cross-Site Scripting Vulnerability
Cecil is a static site generator. A cross-site scripting vulnerability exists in Cecil versions prior to 7.47.1 that stems from the presence of reflected cross-site scripting (XSS)...
Multiple vulnerabilities in SHIRASAGI
Overview: SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Reflected cross-site scripting (CWE-79) - CVE-2023-36492; Stored cross-site scripting (CWE-79) - CVE-2023-38569; Path traversal (CWE-22) - CVE-2023-39448. CVE-2023-36492, CVE-2023-38569 Taiga Shirakura of Mits...
Multiple vulnerabilities in i-PRO VI Web Client
Overview: VI Web Client provided by i-PRO Co., Ltd. is Video Insight's video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect (CWE-601) - CVE-2023-38574; Reflected Cross-site Scripting (CWE-79) - CVE-2023-39938 View Stored Cross-site Scripting in View...
CVE-2023-3992
The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-34175
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin = 2.1 versions...
PT-2023-24638 · WordPress · Miled Wordpress Social Login
Name of the Vulnerable Software and Affected Versions: Miled WordPress Social Login plugin versions = 3.0.4. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...
CVE-2023-2272
The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...