CVE-2024-40727

NetBox v4.0.3 contains an XSS vulnerability in the /dcim/console-server-ports/add/ endpoint. A crafted payload inserted into the Name parameter can execute arbitrary web scripts/HTML in the context of the affected page. Root cause: insufficient filtering/escaping of user-supplied data leading to ...

CVE-2024-40737

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add...

CVE-2024-40726

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/id/edit/...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-39174

A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...

CVE-2024-39174

A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...

CVE-2024-39174

A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...

CVE-2024-39174

CVE-2024-39174 affects yzmcms v7.1, where the Publish Article function is vulnerable to cross-site scripting (XSS) via a crafted payload injected into a published article. The issue is described consistently across sources (RH, NVD, OSV, CNNVD, CVE listings) as a reflected/stored-style XSS vulner...

CVE-2024-39248

A cross-site scripting XSS vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php...

CVE-2024-39248

A cross-site scripting XSS vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php...

CVE-2024-39248

A cross-site scripting XSS vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php...

CVE-2024-39248

SimpCMS v0.1 is affected by an XSS in the Title field at /admin.php. Root cause cited across sources is lack of proper filtering/escaping of user input, enabling arbitrary web script or HTML execution. Impacted functionality is the admin input for the Title, with the potential for full script exe...

CVE-2024-4268

CVE-2024-4268 – Ultimate Blocks (WordPress Blocks Plugin) vulnerable to a Stored XSS in all versions up to 3.1.9 due to insufficient input sanitization and output escaping on user-supplied attributes. Requires authenticated access (Contributor+) to inject scripts that run when users load injected...

CVE-2024-5544 Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-5544

CVE-2024-5544 affects the WordPress plugin Media Library Assistant. The vulnerability is a Reflected Cross-Site Scripting flaw in the order parameter present in all versions up to and including 3.17, caused by insufficient input sanitization and output escaping. The issue enables unauthenticated ...

CVE-2024-5544 Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-1427 The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...