CVE-2023-52292

IBM Sterling File Gateway versions 6.0.0.0–6.1.2.5 and 6.2.0.0–6.2.0.3 are affected by a stored cross-site scripting vulnerability that enables embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Remediation from the IBM bulletin a...

WordPress GDReseller plugin <= 1.6 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin GDReseller versions = 1.6...

CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘providername parameter in all versions up to, and including, 4.1.3 due t...

CVE-2024-51494 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability...

EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create a new EDTB and put the following payload in the Table Name, Column Name or Column...