1122308 matches found
WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting
WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file, which allows attackers to inject arbitrary web scripts. id: CVE-2021-34643 info: name: WordPress Skaut Bazar 1.3.3 - Cross-Site...
WebTareas 2.4p5 - Cross-Site Scripting
webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. id: CVE-2022-44957 info: name: WebTareas...
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
Vehicle Service Management System 1.0 - Stored Cross Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel. id: CVE-2021-46072 info: name: Vehicle Service Management System 1.0 - Stored Cross Site Scripting author: TenBird severity: medium description: | Vehicle Servic...
WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...
ehicle Service Management System 1.0 - Cross-Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...
RevealJS postMessage <4.3.0 - Cross-Site Scripting
RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model. id: CVE-2022-0776 info: name: RevealJS postMessage 4.3.0 - Cross-Site Scripting author: LogicalHunter severity: medium description: RevealJS postMessage before 4.3.0 contains a cross-sit...
XWiki - Cross-Site Scripting
XWiki is vulnerable to reflected Cross-Site Scripting XSS via the viewer=changes endpoint. The rev2 parameter is not properly sanitised before being rendered in the response, allowing an attacker to inject arbitrary JavaScript. Affects XWiki versions prior to the patched release. id: CVE-2026-401...
VvvebJs <= 2.0.5 - Cross-Site Scripting
Givanz Vvvebjs = 2.0.5 contains a stored XSS caused by manipulation of the "uploadAllowExtensions" argument in upload.php File Upload Endpoint, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2026-5615 info: name: VvvebJs = 2.0.5 - Cross-Site Scripting author:...
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. id: CVE-2021-40968 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat...
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...
NetBiblio WebOPAC - Cross-Site Scripting
NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter. id: CVE-2021-42551 info: name: NetBiblio WebOPAC - Cross-Site Scripting author: compr00t severity: medium...
WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page. id:...
Centos Web Panel 0.9.8.480 - Local File Inclusion
Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. id: CVE-2018-18323 info: name: Centos Web Panel 0.9.8.480 - Local File Inclusion author:...
Apache2 - Transfer-Encoding Chunked XSS
Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. id: CVE-2018-20010 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is...
Microstrategy Web 7 - Cross-Site Scripting
Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. id: CVE-2018-18775 info: name: Microstrategy Web 7 - Cross-Site Scripting author: 0xAkoko severity: medium description: Microstrategy Web 7 does not...
WordPress WP JobSearch <1.5.1 - Cross-Site Scripting
WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...