55 matches found
Golo < 1.3.3 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the Golo theme v1.3.2 for WordPress. https://example.com/?s=%22%3E%3Cimg+src%3Dx+onerror%3DalertXSS%2F%2F%22%3E&posttype=place...
Workio – Job Board < 1.0.3 - Unauthenticated Reflected XSS
Unauthenticated Reflected XSS vulnerability was discovered in the «Workio – Job Board WordPress Theme», tested version — v1.0.1. https://www.demoapus-wp1.com/workio/jobs-grid-v1/?filter-title=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...
WordPress Findgo premium theme <= 1.3.30 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Findgo premium theme versions = 1.3.30. Solution Update the WordPress Findgo premium theme to the latest available version at least =1.3.32...
Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS
Unauthenticated Reflected XSS vulnerability was discovered in the «Prolisting - Directory Listing WordPress Theme», tested version — v1.2. https://demoapus.com/prolisting/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...
Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter
XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...
Real Estate 7 < 2.9.5 - Multiple Vulnerabilities
Multiple vulnerabilities was discovered in the 'Real Estate 7 WordPress', tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit WPScanTeam: January 12th - Report Received & Envato Contacted...
CVE-2019-18926
Systematic IRIS Standards Management ISM v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting XSS. A user input related to dialog information is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the...
JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
In the theme JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. Note WPScanTeam: It's unclear which exact version fixed the issue, but the lowest we were able to test and confirm remediation was 4.5.2.9...
Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS
Also Full Path Disclosure depending on the configuration of the server https:///wp-content/plugins/photoblocks-grid-gallery/admin/partials/photoblocks-edit.php?id="...
CVE-2019-11604
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...
Input validation
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...
CVE-2019-11604
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...
CVE-2018-12090
There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...
e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The e-search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/e-search/tmpl/dateselect.php?date-from=""...
Podcast Channels < 0.28 - Unauthenticated Reflected XSS
The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. PoC http://127.0.0.1/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&...