1456 matches found
CVE-2021-24509
The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the...
UBUNTU-CVE-2021-36563
The CheckMK management web console versions 1.5.0 to 2.0.0 does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...
CVE-2021-25790
Multiple stored cross site scripting XSS vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number...
CVE-2021-24420
The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table...
CVE-2021-34620
The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...
WordPress 跨站请求伪造漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A cross-site request forgery vulnerability exists in versions of WordPress WP Fluent Forms plugin prior ...
CVE-2020-36409
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module...
PHPList Cross-Site Scripting Vulnerability (CNVD-2021-48871)
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "List Description" field under the "Edit List" module...
PYSEC-2021-147
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...
CVE-2021-30003
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add urladdress...
Multiple cross-site scripting vulnerabilities in GROWI
Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Stored cross-site scripting vulnerability in Admin Page CWE-79...
Chatbox Cross-Site Scripting Vulnerability
GIST Chatbox is an intelligent product from GIST USA that provides forms and 24/7 automated meeting scheduling to increase website conversions. A cross-site scripting vulnerability exists in Chatbox, which stems from an unrestricted file upload in the chatbox, which can lead to the storage of XSS...
CVE-2020-35834
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10...
CVE-2020-35837
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10...
CVE-2020-35816
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30,...
CVE-2020-35805
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30,...
desknet's NEO vulnerable to cross-site scripting
Overview desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability CWE-79. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
CVE-2020-27459
Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed...
CVE-2020-24416
Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...
CVE-2020-24416
Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...