Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting

WPMobile.App versions up to 11.41 contain a reflected cross-site scripting XSS caused by improper input neutralization during web page generation, letting attackers execute scripts in the victim's browser, exploit requires attacker to craft malicious input. id: CVE-2024-35694 info: name: Wordpres...

YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. id: CVE-2024-4455 info...

Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...

Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting

A cross-site scripting XSS vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter. id: CVE-2024-52763 info: name: Ganglia Web Interface v3.7.3 - v3.7.5 -...

Heimdall Application Dashboard < 2.7.3 - Reflected XSS

LinuxServer.io Heimdall 2.7.3 contains a stored XSS caused by improper sanitization of the "q" parameter, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2025-54597 info: name: Heimdall Application Dashboard 2.7.3 - Reflected XSS author: 0xAkoko severity: medium...

eyoucms v.1.6.5 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. id: CVE-2024-22927 info: name: eyoucms v.1.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS...

RiteCMS 3.0.0 - Cross-site Scripting

RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the mainmenu/editsection component, letting attackers execute arbitrary scripts in the context of the victim's browser. id: CVE-2024-28623 info: name: RiteCMS 3.0.0 - Cross-site Scripting author: 0xAkoko severity: medium...

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

WWBN AVideo 11.6 - Cross-Site Scripting

WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization. id: CVE-2022-32771 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari severity:...

WordPress WPB Show Core - Cross-Site Scripting

WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-bas...

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

OpenEMR < 7.0.1 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.1. id: CVE-2023-2948 info: name: OpenEMR 7.0.1 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr...

ZEROF Web Server 2.0 - Cross-Site Scripting

ZEROF Web Server 2.0 allows /admin.back cross-site scripting. id: CVE-2022-25323 info: name: ZEROF Web Server 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. impact: | Successful exploitation of this...

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

Broadstreet WordPress plugin - Reflected XSS

Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...

SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting

SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. id: CVE-2021-42063 info: name: SAP Knowledge Warehouse =7.5.1 to mitigate the XSS vulnerability. reference: -...

WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting

WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

IceWarp WebMail 11.3.1.5 - Cross-Site Scripting

IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter. id: CVE-2017-7855 info: name: IceWarp WebMail 11.3.1.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language...