Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. id: CVE-2021-25065 info: name: Smash Balloon Social Post Feed 4.1.1 - Authenticated Reflected Cross-Site Scripting author: Harsh severity: medium description: | The plugin was affected by a reflected XSS in...

Nordex NC2 - Cross-Site Scripting

Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

SourceBans <2.0 - Cross-Site Scripting

SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. id: CVE-2015-8349 info: name: SourceBans 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description:...

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. id: CVE-2014-9615 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium description: A...

WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting

WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

WordPress Tidio Gallery <=1.1 - Cross-Site Scripting

WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

WordPress AJAX Random Post <=2.00 - Cross-Site Scripting

WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post =2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...

Magmi 0.7.22 - Cross-Site Scripting

Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. id: CVE-2017-7391 info: name: Magmi 0.7.22 - Cross-Site Scripting author: pikpikcu severity: medium description: Mag...

Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting

The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. id: CVE-2017-18494 info: name: Custom Search by BestWebSoft 1.36 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The custom-search-plugin plugin before 1.36 for WordPress has multiple X...

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...

WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting

WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting

WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the 1 page parameter or 2 kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible the...

User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. id: CVE-2017-18566 info: name: User Role by BestWebSoft 1.5.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. impact: |...

Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. id: CVE-2017-18496 info: name: Htaccess by BestWebSoft 1.7.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. impact: |...

WordPress < 4.9.1 - Authenticated JavaScript File Upload

WordPress before 4.9.1 contains a cross-site scripting caused by not requiring unfilteredhtml capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files, exploit requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...

SiYuan Note - Cross-Site Scripting

SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...

Hostel < 1.1.5.3 - Cross-Site Scripting

The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3753 info: name: Hostel 1.1.5.3 - Cross-Site Scriptin...

mojoPortal 2.7.0.0 - Cross-Site Scripting

mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. id: CVE-2023-24322 info: name: mojoPortal 2.7.0.0 - Cross-Site...

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...