54 matches found
CVE-2026-35013
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
CVE-2026-35013 Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
CVE-2026-35013
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
CVE-2026-35013
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in street_view.php. The vulnerability lets authenticated attackers inject arbitrary JavaScript by passing unsanitized values in thelat and thelng GET parameters, which get embedded into JavaScript variable assignments and executed i...
CVE-2026-35013 Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
EUVD-2026-31185
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the streetview.php file...
CVE-2026-0563
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563
CVE-2026-0563 affects the WordPress plugin “WP Google Street View (with 360° virtual tour) & Google maps + Local SEO” and the vulnerability is a Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the wpgsv_map shortcode. The flaw enables an attacker with at ...
WordPress plugin WP Google Street View (with 360° virtual tour) & Google maps + Local SEO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to set up a personal blog site on a PHP and MySQL based...
WordPress WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'wpgsvmap' Shortcode vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin WP Google Street View versions = 1.1.8...
CVE-2025-11808
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11808
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11808 Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11808
CVE-2025-11808 concerns the WordPress plugin “Shortcode for Google Street View” (Shortcode for Google Street View, plugin slug wp-google-street-view-shortcode). The vulnerability is a Stored Cross-Site Scripting (XSS) via the streetview shortcode, in all versions up to and including 0.5.7, caused...
CVE-2025-11808 Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
PT-2025-47705
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...