159 matches found
CVE-2026-3604
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2022-55991
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...
CVE-2022-50970
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...
CVE-2022-50970
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...
CVE-2022-50970 WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...
CVE-2022-50970 WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...
CVE-2022-50970
CVE-2022-50970 affects WordPress Plugin AAWP 3.16. It describes a reflected XSS vulnerability in the aawp-settings admin page, where an attacker can craft a URL with a payload in the tab parameter to execute arbitrary JavaScript in the context of authenticated users. The vulnerability is triggere...
PT-2026-39495
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...
CVE-2026-6711
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...
CVE-2026-6711
The CVE-2026-6711 entry concerns the Website LLMs.txt WordPress plugin (versions up to 8.2.6). The vulnerability is Reflected Cross-Site Scripting via the tab parameter, caused by use of filter_input() without a sanitization filter and insufficient output escaping. This allows unauthenticated att...
CVE-2026-6711 Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...
CVE-2026-6711 Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...
CVE-2026-6711
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...
EUVD-2026-24071
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...
PT-2026-33920
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter input without a sanitization filter and insufficient output escaping. This makes it possible for...
CVE-2019-25663 SuiteCRM 7.10.7 SQL Injection via parentTab Parameter
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...
SuiteCRM SQL注入漏洞
SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Version 7.10.7 of SuiteCRM has a SQL injection vulnerability. This vulnerability stems from the parentTab parameter, which allows for SQL injections. It is possible for authenticated attackers to manipulate...
PT-2026-30472
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...
CVE-2025-31510
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...
CVE-2025-31510
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...