59 matches found
CVE-2024-8274
The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timelineobj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2023-46094
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin = 6.5.3 versions...
CVE-2022-4712
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...
PT-2023-27198 · Vcita · Vcita Online Booking & Scheduling Calendar
Name of the Vulnerable Software and Affected Versions: vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin versions = 4.3.2 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into...
CVE-2023-30481
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin = 3.2.4 versions...
PT-2023-21955 · Vladimir Statsenko · Terms Descriptions Plugin
Name of the Vulnerable Software and Affected Versions: Vladimir Statsenko Terms descriptions plugin versions = 3.4.4 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...
PT-2023-19363 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.13 Description: The issue arises from insufficient input sanitization and output escaping, making it possible for unauthenticated...
PT-2023-12474 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to, and including, 5.5 Description: The issue arises from insufficient input sanitization and output escaping on the save content front function, which uses print_r on user-supplied $...
PT-2023-23996 · Mitel · Mitel Mivoice Connect
Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions through 19.3 SP2 22.24.1500.0 Description: The Linux DVS server component could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
CVE-2023-27108
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...
CVE-2023-28341
Stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page...
PT-2023-13672 · WordPress · Monsterinsights
Name of the Vulnerable Software and Affected Versions: MonsterInsights WordPress plugin versions prior to 8.9.1 Description: The issue allows an unauthenticated attacker to inject arbitrary web scripts into page titles by spoofing requests to Google Analytics, due to the lack of sanitization or...
CVE-2022-39800
SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...
PT-2022-16691 · WordPress · Freemind Wp Browser
Name of the Vulnerable Software and Affected Versions: FreeMind WP Browser plugin for WordPress versions up to, and including 1.2 Description: The issue is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This allows unauthenticated...
PT-2022-14256 · WordPress · Dx Share Selection
Name of the Vulnerable Software and Affected Versions: DX Share Selection plugin for WordPress versions up to, and including 1.4 Description: The issue is due to missing nonce protection on the dxss admin page function found in the /dx-share-selection.php file, making it possible for...
CVE-2018-5384
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited, the user can get info from the underlying PostgreSQL database, which could lead to total compromise of the product. The said script is available...
ASMAX AR 804 gu Web Management Console Arbitrary Command Exec
Exploit for hardware platform in category remote exploits. ASMAX AR 804 gu Web Management Console Arbitrary Command Exec. 1. ASMAX 804 gu router is a SOHO class device. It...