32410 matches found
DevDojo Voyager <=1.8.0 - Cross-Site Scripting
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. id: CVE-2024-55416 info: name: DevDojo Voyager =1.8.0 - Cross-Site Scripting author:...
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...
Contact Form Generator <= 2.5.5 - Cross-Site Scripting
The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Hestiacp <= 1.7.7 - Cross-Site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. id: CVE-2023-3479 info: name: Hestiacp = 1.7.7 - Cross-Site Scripting author: edoardottt severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to...
CrafterCMS Engine - Cross-Site Scripting
CrafterCMS Engine is vulnerable to reflected cross-site scripting XSS via the transformerName parameter in the /api/1/site/url/transform endpoint, allowing attackers to execute arbitrary JavaScript in the context of the user. id: CVE-2023-4136 info: name: CrafterCMS Engine - Cross-Site Scripting...
JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...
XWiki >= 13.10.8 - Cross-Site Scripting
Reflected XSS vulnerability in XWiki authenticate endpoints allows execution of arbitrary JavaScript. id: CVE-2023-29506 info: name: XWiki = 13.10.8 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Reflected XSS vulnerability in XWiki authenticate endpoints allows...
Advance Post Prefix WordPress plugin - Reflected XSS
Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...
Zarinpal Paid Download - Reflected XSS
Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...
Tube Video Ads Lite - Reflected XSS
Tube Video Ads Lite WordPress plugin = 1.5.7 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craf...
WP Dream Carousel < 1.0.1b - Cross-Site Scripting
WP Dream Carousel WordPress plugin 1.0.1b contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to load a...
Glossy WordPress - Reflected XSS
Glossy WordPress plugin v2.3.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click a malicious link. id: CVE-2024-13325 info: name: Glossy WordPress -...
Post Sync Plugin <= 1.1 - Cross-Site Scripting
Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...
Journyx 11.5.4 - Reflected Cross Site Scripting
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. id: CVE-2024-6892 info: name: Journyx 11.5.4 - Reflected Cross Site Scripting author: DhiyaneshDk severity: medium description: | Attackers can craft a malicious...
AffiliateImporterEb <= 1.0.6 - Reflected XSS
AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...
WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting XSS in versions up to and including 2.11.7 due to insufficient input sanitization and output escaping in the 'place' parameter. id: CVE-2024-29137 info: name: WordPress Tourfic Plugin = 2.11.7 - Cross-Site Scripting...
WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...
GP Premium <= 2.4.0 - Cross-Site Scripting
The GP Premium plugin for WordPress up to 2.4.0 is vulnerable to reflected XSS via the 'message' parameter in inc/verify.php lines 95-101, where a message passed with slactivation=false is URL-decoded and used unsanitized in addsettingserror, allowing XSS payloads to be reflected in admin notices...
A5 Custom Login Page - Reflected XSS
A5 Custom Login Page WordPress plugin v2.8.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires a crafted URL or...
WP BASE Booking - Reflected XSS
WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...