89 matches found
PT-2023-27590 · WordPress · Bus Ticket Booking With Seat Reservation
Name of the Vulnerable Software and Affected Versions: The Bus Ticket Booking with Seat Reservation plugin for WordPress versions up to, and including, 5.2.3. Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject...
WordPress Plugin Premium Addons PRO Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Plugin Custom Base Terms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Plugin Google Map Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Plugin Download Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
My-Blog Cross-Site Scripting Vulnerability
My-Blog is a Java blog system implemented by SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. ZHENFENG13 A security vulnerability exists in My-Blog, which stems from the presence of a cross-site scripting XSS...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...
Stiltsoft Handy Macros Cross-Site Scripting Vulnerability
Stiltsoft Handy Macros is a powerful set of macros from Stiltsoft Inc. It is used to create interactive Confluence content. A security vulnerability exists in Stiltsoft Handy Macros version 3.x through versions prior to 3.5.5. An attacker could exploit this vulnerability to inject arbitrary HTML ...
CVE-2022-2541
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...
WordPress plugin Stockists Manager for Woocommerce Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2022-0830
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put...
CVE-2021-34636
The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the savetheme function found in the /includes/admin/coundownthemepage.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up t...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. A cross-site request forgery vulnerability exists in versions of the WordPress plugin Youtube Feeder prior to 2.0.1, which stems from a cross-site request forgery vulnerability in the...
WordPress FV Flowplayer Video Player Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. FV Flowplayer Video Player is a video player plugin used in it. relevant is a relevant content display plugin used in it. A cross-site...
Cross-site Scripting (XSS)
Overview: vis-timeline is a Timeline/Graph2D interactive visualization chart to visualize data in time. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker with the ability to control the items of a Timeline element can inject additional script code into...
Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-10480)
Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform. A cross-site scripting vulnerability exists in Microsoft SharePoint Enterprise Server, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive...
Google Gmail Cross-Site Scripting Vulnerability
Gmail is Google's free webmail service. Google Gmail suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary web script or HTML...
WordPress Sell Downloads Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). WordPress Sell Downloads suffers from a cross-site scripting vulnerability that can be...
Mozilla Firefox and Firefox ESR Cross-Site Scripting Vulnerability (CNVD-2019-22857)
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. A cross-site scripting vulnerability exists in Mozilla Firefox versions prior to...