6252 matches found
CVE-2024-37558
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1...
CVE-2024-37392
A stored Cross-Site Scripting XSS vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...
CVE-2024-55541
Stored cross-site scripting XSS vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 39169...
CVE-2024-13670
The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pnmsv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-40111
A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...
CVE-2024-40484
A Reflected Cross Site Scripting XSS vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter...
CVE-2024-0898
The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This mak...
CVE-2024-44771
BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting XSS via the "Label" field in the Report template function...
CVE-2024-44040
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in plainware ShiftController Employee Shift Scheduling shiftcontroller allows Stored XSS.This issue affects ShiftController Employee Shift Scheduling: from n/a through = 4.9.64...
CVE-2024-35768
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows DOM-Based XSS.This issue affects Page Builder: Live Composer: from n/a through = 2.1.13...
CVE-2024-56923
Stored Cross-Site Scripting XSS Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 = 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The...
CVE-2024-53481
A Cross Site Scripting XSS vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters...
CVE-2024-40727
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/...
CVE-2024-11660
A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2024-52763
A cross-site scripting XSS vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...
CVE-2024-51854
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in holanetworks Hola Free Video Player hola-free-video-player allows DOM-Based XSS.This issue affects Hola Free Video Player: from n/a through = 1.3.9...
CVE-2024-51896
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Magic Slider magic-slider allows Stored XSS.This issue affects Magic Slider: from n/a through = 1.3...
CVE-2024-51838
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smajda Pull This pull-this allows DOM-Based XSS.This issue affects Pull This: from n/a through = 1.1...
CVE-2024-6942
A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to...
CVE-2024-50990
A Reflected Cross Site Scriptng XSS vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter...