6239 matches found
PT-2024-39722 · WordPress · Wp Shapes
Name of the Vulnerable Software and Affected Versions: WP SHAPES plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2024-52794
Technical details for CVE-2024-52794 are not publicly available in the provided documents. The materials mention a lightbox-related cross-site scripting in Discourse and a patch in the latest version. Monitor for official advisories for specifics.
CVE-2023-23354
CVE-2023-23354 affects QNAP QuLog Center. The vulnerability is an XSS flaw in QuLog Center before specific fixed versions, allowing remote attackers with user access to bypass security or read data. Affected versions include prior to 1.3.1.645, prior to 1.4.1.691, and prior to 1.5.0.738. The fixe...
CVE-2021-20553 IBM Sterling B2B Integrator Standard Edition cross-site scripting
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2024-55492
CVE-2024-55492 affects Winmail Server 4.4. The issue is a cross-site scripting (XSS) vulnerability via the f_user parameter containing a payload like %22%3E%3Csvg%20onload. Documented CVSS v3.1 base score 6.1 (Medium) with network attack vector, required user interaction, and changed scope; confi...
WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin User Referral (versions <= 8.0)...
CVE-2024-12127
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This...
CVE-2024-12127 Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This...
CVE-2024-55451
A Stored Cross-Site Scripting XSS vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend...
CVE-2024-54348 WordPress Brandy theme <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yaycommerce Brand brand allows Stored XSS. This issue affects Brand: from n/a through <= 1.1.6...
CVE-2024-55554
Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. Affected component: portal server web UI; root cause: input in portlet not properly sanitized. Impact: cross-site scripting with network access, requiring user interaction; CVSSv3.1 base score 5.4 (MEDIUM). Remediation: up...
WordPress Responsive Google Maps | by imbaa plugin <= 1.2.5 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Responsive Google Maps | by imbaa (versions <= 1.2.5)...
PT-2024-17231 · WordPress · Tcbd Popover
Name of the Vulnerable Software and Affected Versions: TCBD Popover plugin for WordPress versions prior to 1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image' shortcode due to insufficient input sanitization and output escaping on user-suppli...
PT-2024-17629 · WordPress · My Idx Home Search
Name of the Vulnerable Software and Affected Versions: My IDX Home Search plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
CVE-2024-54335
CVE-2024-54335 is a Reflected XSS in ZebraSoft ImmoToolBox Connect. Connected Red Hat advisory confirms the issue affects ImmoToolBox Connect up to and including 1.3.3, caused by improper neutralization of input during web page generation. Impact: client-side script execution in users’ browsers. ...
CVE-2024-54325 WordPress CarDealerPress plugin <= 6.6.2410.02 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS. This issue affects CarDealerPress: from n/a through <= 6.6.2410.02...
CVE-2024-54308
CVE-2024-54308: Stored XSS in Cryptocurrency Price Widget (WordPress). Improper neutralization of input during web page generation allows stored cross-site scripting; affected plugin versions up to 1.2.3. Patch/update to 1.2.3 or later, per Red Hat/Wordfence entries.
CVE-2024-54276
CVE-2024-54276 is a stored XSS in the Poll Builder (WordPress plugin) used for Polls; the affected range is Poll Builder up to version 1.3.5 (no fixed patch documented in provided sources). The vulnerability arises from improper neutralization during web page generation, enabling stored script exe...
CVE-2024-54237 WordPress Ni CRM Lead plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS. This issue affects Ni CRM Lead: from n/a through 1.3.0...
CVE-2024-11832
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...