CVE-2024-8482

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-44033 WordPress Primary Addon for Elementor plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through = 1.5.7...

CVE-2024-47349 WordPress WPMobile.App plugin <= 11.50 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through = 11.50...

CVE-2024-47383

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Webangon The Pack Elementor addons allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through 2.0.8.8...

CVE-2024-47629 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5...

CVE-2024-47847 Various XSSes found in Cargo

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting XSS.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1...

CVE-2024-47847 Various XSSes found in Cargo

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting XSS.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1...

CVE-2024-38038

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVE-2024-8802

The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Product Delivery Date for WooCommerce – Lite versions = 2.7.3...

CVE-2024-8282

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. Thi...

WordPress Optin Hound Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Optin Hound Type Plugin Vulnerable versions = 1.4.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9267 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 08d5a68f0d8b Credits Francesco Carlucci...

WordPress plugin Auto Featured Image from Title 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

WordPress Advanced Woo Labels Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Woo Labels Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47622 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9dc287c181e2 Credits savphill Required privilege...

CVE-2024-9283 RelaxedJS ReLaXed Pug to PDF Converter cross site scripting

A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...

Projectworlds Online Voting System 安全漏洞

Projectworlds Online Voting System is an online voting system from Projectworlds India. A security vulnerability exists in Projectworlds Online Voting System version 1.0, which stems from the vulnerability to stored cross-site scripting attacks when registering an account using a malicious...

WordPress Themesflat Addons For Elementor plugin <= 2.2.1 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Multiple Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin themesflat-addons-for-elementor versions = 2.2.1...

WordPress plugin Graphicsly 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2024-39166 · WordPress · The Shoplentor

Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.9.7 Description: The issue is related to Stored Cross-Site Scripting via the tooltip and...

Microsoft Edge Cross-Site Scripting Vulnerability (CNVD-2024-39366)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from a cross-site scripting vulnerability that stems from the presence of a spoofing vulnerability. No detailed vulnerability details are provided at this time...