6239 matches found
CVE-2024-2299
A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which is...
CVE-2024-3579 XSS in Online Shopping System Advanced
The open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser...
WordPress plugin HT Mega security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Beaver Builder plugin <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute vulnerability discovered by Thanh Nam Tran in WordPress Plugin Beaver Builder versions <= 2.8.1.2...
Dell OpenManage Enterprise Cross-Site Scripting Vulnerability
Dell OpenManage Enterprise is an easy-to-use, one-to-many systems management console for IT infrastructure management from Dell. The software supports cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. A cross-site scripting vulnerability exist...
PT-2024-28717 · WordPress · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.5.0 Description: The issue is related to Stored Cross-Site Scripting via the Tooltip & Popover Widget due to insufficient input sanitization and...
PT-2024-25869 · Unknown · Toidicode.Com
Name of the Vulnerable Software and Affected Versions: Toidicode.Com thanhtaivtt Viet Nam Affiliate versions through 1.0.0 Description: The issue affects the Viet Nam Affiliate, allowing for Stored XSS due to improper neutralization of input during web page generation. Recommendations: For versio...
CVE-2024-31156
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-34255
jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function...
theurbansalon.com Cross Site Scripting vulnerability OBB-3926850
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
z.ifushaar.com Cross Site Scripting vulnerability OBB-3926640
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
Exploit Title: iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS) Date: 4/4/2024 Exploit Author: modrnProph3t Vendor Homepage: https://www.iboss.com Version: userName=TEST&x=TEST&action=login&redirectUrl= 3. Insert XSS payload into the "redirectUrl" parameter Example of request with...
WordPress WP etracker plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Hiro Patchstack Alliance in WordPress Plugin WP etracker versions <= 1.0.2...
CVE-2024-34373 WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite (the-plus-addons-for-elementor-page-builder). This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.4.2...
empleolatino.net Cross Site Scripting vulnerability OBB-3926154
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kvsecurity.com Cross Site Scripting vulnerability OBB-3925912
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-33934
CVE-2024-33934 affects Mini Loops WordPress plugin (versions
CVE-2024-4203
The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2503
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible for authenticated...