950 matches found
CVE-2023-20058
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...
PT-2022-26505 · WordPress · Bulk Delete Users By Email
Name of the Vulnerable Software and Affected Versions: Bulk Delete Users by Email WordPress plugin versions prior to 1.3
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back i...
CVE-2022-42364
Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
WordPress plugin 2kb Amazon Affiliates Store cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2022-26265 · WordPress · Chained Quiz
Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2
Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to...
CVE-2022-4029
The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2022-3440
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...
CVE-2022-2167
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-37896
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser ...
CVE-2022-34218
Adobe Experience Manager versions 6.5.13.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
PT-2022-17927 · WordPress · Pre Classified Listings +4
Name of the Vulnerable Software and Affected Versions: Classima WordPress theme versions prior to 2.1.11; Classified Listing versions prior to 2.2.14; Classified Listing Pro versions prior to 2.0.20; Classified Listing Store & Membership versions prior to 1.4.20; Classima Core versions prior to 1.10...
CVE-2022-27546
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...
CVE-2022-2532
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1932
The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file...
CVE-2021-24910
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...
PT-2022-14892 · WordPress · Contact Form
Name of the Vulnerable Software and Affected Versions: Contact Form DB WordPress plugin versions prior to 1.8.0
Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the plugin does not properly sanitise and escape some parameters before outputting them back in...
CVE-2022-36801
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...
CVE-2022-2386
The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
Cross-site scripting vulnerability in multiple VMware products
VMware vRealize Automation and others are products of VMware, Inc. vRealize Automation is a management tool that provides self-service, supervised multi-cloud automation. VMware Workspace One Access is a centralized management console that enables you to manage users and groups, set and manage...
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...