CVE-2023-2123

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

PT-2023-22950 · WordPress · Woocommerce Easy Duplicate Product

Name of the Vulnerable Software and Affected Versions: WPGem WooCommerce Easy Duplicate Product plugin versions 0.3.0.0 and earlier Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...

PT-2023-26394 · Unknown · Easync Plugin

Name of the Vulnerable Software and Affected Versions: EaSYNC plugin versions prior to 1.3.8 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to stea...

CVE-2023-3292

The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-29304

Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2021-4363

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'savecontentfront' function that uses printr on the user-supplied $REQUEST values . This makes ...

CVE-2023-2337

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-2835

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2023-2708

The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘searchterm’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2023-1596

The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS that stems from the presence of a reflected XSS...

CVE-2023-28475

Concrete CMS previously concrete5 versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized...

WordPress plugin Loginizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-24404

Reflected Cross-Site Scripting XSS vulnerability in VryaSage Marketing Performance plugin = 2.0.0 versions...

CVE-2023-2120

The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2023-27572

An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10. A reflected XSS vulnerability was discovered in the httpsredirect.php web page via the page parameter...

CVE-2023-25593

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...

WordPress plugin MagicForm 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-0746

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting...

Red Hat Keycloak 跨站脚本漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from incorrect null byte handling and a reflected cross-site scripting XSS...