PT-2022-14892 · WordPress · Contact Form

Name of the Vulnerable Software and Affected Versions: Contact Form DB WordPress plugin versions prior to 1.8.0 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the plugin does not properly sanitise and escape some parameters before outputting them back in...

CVE-2022-36801

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...

CVE-2022-2386

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

多款VMware产品跨站脚本漏洞

VMware vRealize Automation and others are products of VMware, Inc. vRealize Automation is a management tool that provides self-service, supervised multi-cloud automation. vMware Workspace One Access is a centralized management console that enables you to manage users and groups, set and manage...

CVE-2022-2189

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2022-0899

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...

MiCODUS MV720 GPS 跨站脚本漏洞

The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. The MiCODUS MV720 GPS suffers from a cross-site scripting vulnerability that stems from a reflected cross-site scripting vulnerability in the main web server, which could allow an attacker to gain control by tricking a user into making a...

CVE-2022-35170

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting XSS vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

CVE-2022-1470

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

Jenkins Plugin Embeddable Build Status 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Embeddable Build Status Plugin ha...

CVE-2017-20061

A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert1%3E leads to basic cross site scripting Reflected. The...

CVE-2022-1773

The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

WordPress plugin WP Athletics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Athletics plugin version 1.1.7 and prior versions are vulnerable to a cross-site scripting...

WordPress plugin Ultimate Member 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Ultimate...

CVE-2022-30513

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting XSS via admin/inc/navigation.php:125...

WordPress plugin Donate Extra 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress Donate Extra plugin version 2.02 and earlier contain a cross-site scripting vulnerability that...

CVE-2022-29876

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks...

CVE-2022-22773

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Serv...

CVE-2022-1267

The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

Exploit for Cross-site Scripting in Home_Owners_Collection_Management_System_Project Home_Owners_Collection_Management_System

CVE-2022-28077 Home Owners Collection Management System 1.0 -...