
949 matches found

Japan Vulnerability Notes
added 2022/01/20 6:42 a.m. | 2 views

Multiple cross-site scripting vulnerabilities in php_mailform

Overview: php_mailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox (CWE-79) - CVE-2022-22142; Reflected cross-site scripting vulnerability regarding the attached file name (CWE-79) -...

CVSS 6.1 | AI score 6.2 | EPSS 0.0094
Exploits 0 | References 7

Japan Vulnerability Notes
added 2022/01/12 6:33 a.m. | 3 views

Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

Overview: WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains multiple vulnerabilities listed below. Cross-site request forgery (CWE-352) - CVE-2022-0180; Reflected cross-site scripting (CWE-79) - CVE-2022-0181; Stored cross-site scripting (CWE-79) - CVE-2022-0182. CVE-2022-0180,...

CVSS 8.8 | AI score 6.2 | EPSS 0.01277
Exploits 0 | References 11

OSV
added 2021/12/14 4:15 p.m. | 3 views

CVE-2021-39315

The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the /inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

CVSS 6.1 | AI score 6.4 | EPSS 0.00757
Exploits 0 | References 2

OSV
added 2021/12/14 4:15 p.m. | 2 views

CVE-2021-39309

The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump on $_POST variables found in the /vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows attackers to inject arbitrary web scripts, in...

CVSS 6.1 | AI score 6.4 | EPSS 0.00757
Exploits 0 | References 2

OSV
added 2021/12/14 4:15 p.m. | 1 view

CVE-2021-39313

The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...

CVSS 6.1 | AI score 5.8 | EPSS 0.00757
Exploits 0 | References 2

OSV
added 2021/12/09 4:15 p.m. | 3 views

CVE-2021-20137

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/siteaccess/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution...

CVSS 6.1 | AI score 6.4
Exploits 0 | References 1

OSV
added 2021/10/08 4:15 p.m. | 2 views

CVE-2021-41918

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the...

CVSS 5.4 | AI score 6.2 | EPSS 0.00547
Exploits 1 | References 1

OSV
added 2021/10/06 4:15 p.m. | 2 views

CVE-2021-39350

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727...

CVSS 6.1 | AI score 6.4 | EPSS 0.02135
Exploits 0 | References 2

OSV
added 2021/09/13 6:15 p.m. | 3 views

CVE-2021-24605

The createpostpage AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue...

CVSS 5.4 | AI score 5.8 | EPSS 0.006
Exploits 2 | References 1

CNNVD
added 2021/09/13 12:00 a.m. | 4 views

WordPress plugin MF Gig Calendar cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...

CVSS 6.1 | AI score 5.9 | EPSS 0.0231
Exploits 1 | References 1

OSV
added 2021/09/10 2:15 p.m. | 2 views

CVE-2021-38341

The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...

CVSS 6.1 | AI score 5.8 | EPSS 0.00908
Exploits 1 | References 2

OSV
added 2021/09/10 2:15 p.m. | 1 view

CVE-2021-38332

The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...

CVSS 6.1 | AI score 6.4 | EPSS 0.00866
Exploits 1 | References 2

OSV
added 2021/09/10 2:15 p.m. | 2 views

CVE-2021-38331

The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the /wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2...

CVSS 6.1 | AI score 5.8 | EPSS 0.00866
Exploits 1 | References 2

CNNVD
added 2021/09/10 12:00 a.m. | 4 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The WordPress Plugin suffers from a cross-sit...

CVSS 6.1 | AI score 6 | EPSS 0.00866
Exploits 1 | References 4

CNNVD
added 2021/09/10 12:00 a.m. | 3 views

WordPress plugin cross-site scripting vulnerability

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin DJ EmailPublish suffers from a cross-site scripting vulnerability that stems from the fact that version 1.7.2 of the DJ EmailPublish WordPress plugin is susceptible to reflected cross-site scripting attacks...

CVSS 6.1 | AI score 6.1 | EPSS 0.00866
Exploits 1 | References 4

CNNVD
added 2021/09/10 12:00 a.m. | 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 6.1 | AI score 6.2 | EPSS 0.00866
Exploits 1 | References 3

OSV
added 2021/09/09 7:15 p.m. | 4 views

CVE-2021-38318

The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

CVSS 6.1 | AI score 5.8 | EPSS 0.00866
Exploits 1 | References 2

OSV
added 2021/09/06 11:15 a.m. | 3 views

CVE-2021-24435

The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1 | AI score 6.4 | EPSS 0.01669
Exploits 2 | References 1

Japan Vulnerability Notes
added 2021/08/20 5:25 a.m. | 3 views

Multiple vulnerabilities in Navigate CMS

Overview: Navigate CMS is an open source Contents Management System (CMS) provided by Naviwebs S.C. Navigate CMS contains multiple vulnerabilities listed below. Reflected cross-site scripting in the Help feature (CWE-79); Reflected cross-site scripting (CWE-79) - CVE-2021-36454; SQL injection (CWE-89) -...

CVSS 8.8 | AI score 7.2 | EPSS 0.01104
Exploits 2 | References 11

OSV
added 2021/08/16 7:15 p.m. | 7 views

CVE-2021-34651

The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the /includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

CVSS 6.1 | AI score 5.8 | EPSS 0.00895
Exploits 1 | References 2