55 matches found
PT-2023-2918 · Mitel · Mitel Mivoice Connect
Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions through 19.3 SP2 Mitel MiVoice Connect versions 20.x Mitel MiVoice Connect versions 21.x Mitel MiVoice Connect versions 22.x through 22.24.1500.0 Description: The issue is related to insufficient validation for...
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...
PT-2023-14582 · Unknown · Squirrly Seo Plugin
Name of the Vulnerable Software and Affected Versions: Squirrly SEO Plugin versions prior to 12.1.20 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them...
Osprey Pump Controller 1.0.1 Cross Site Scripting
Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...
Osprey Pump Controller 1.0.1 Cross Site Scripting Vulnerability
Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...
Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
CVE-2021-45476 Information disclosure in Yordam Library Information Document Automation Program
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability...
CVE-2021-38157
LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2021-38157
The CVE-2021-38157 entry concerns LeoStream Connection Broker 9.x prior to 9.0.34.3, which is vulnerable to unauthenticated reflected XSS via the /index.pl endpoint using the user parameter. The root cause is improper handling/validation of user-supplied input on that endpoint, enabling an attack...
WordPress Wisem premium theme <= 1.26 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Wisem premium theme versions = 1.26. Solution 9 June 2021 - Theme removed from the Themeforest repository. Unfortunately, no information about the patched version is available...
Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities
The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...
WordPress Cooked Pro premium plugin <= 1.7.5.5 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Jinson Varghese Behanan in WordPress Cooked Pro premium plugin versions = 1.7.5.5. Solution Update the WordPress Cooked Pro premium plugin to the latest available version at least 1.7.5.6...
Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.4 for WordPress. Vulnerable parameters: ctsqftfrom, ctsqftto, ctlotsizefrom, ctlotsizeto, ctmls. Edit WPScanTeam: The issue has been hot-fixed in 3.0.4. So the fixed in has been set to 3.0.5 the next...
Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.4 for WordPress. Vulnerable parameters: ctsqftfrom, ctsqftto, ctlotsizefrom, ctlotsizeto, ctmls. Edit WPScanTeam: The issue has been hot-fixed in 3.0.4. So the fixed in has been set to 3.0.5 the next...
CVE-2020-16847
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887...
JobCareer < 3.5 - Multiple Cross-Site Scripting (XSS)
An Unauthenticated Reflected & Authenticated Persistent XSS vulnerabilities were discovered in the JobCareer theme through 3.4 for WordPress. Unauthenticated Reflected XSS - Vulnerable parameters: jobtitle, specialisms, location Authenticated Persistent XSS on Employer Profile - «Complete Address...
CarePlus <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
An Unauthenticated Reflected XSS vulnerability was discovered in the CarePlus theme through 1.2 for WordPress. https://example.com/?s=%22%20autofocus%20onfocus=alertXSS;%20%22%3E...
WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection
Exploit Title: WordPress Theme NexosReal Estate 1.7 - 'searchorder' SQL Injection Google Dork: inurl:/wp-content/themes/nexos/ Date: 2020-06-17 Exploit Author: Vlad Vector Vendor: Sanljiljan https://themeforest.net/user/sanljiljan Software Version: 1.7 Software Link:...