5210 matches found
CVE-2024-30952
A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...
CVE-2024-32338
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
CVE-2024-30952
PESCMS-TEAM v2.3.6 contains a stored XSS vulnerability exploitable via a crafted payload in the domain input field at /youdoamin/?g=Team&m=Setting&a=action. Affected component: domain input handling in the API endpoint; impact: execution of arbitrary web scripts/HTML. Some sources mention a tempo...
CVE-2024-32744
WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...
CVE-2024-3067
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
CVE-2024-3672
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it...
CVE-2024-3067
CVE-2024-3067 (WooCommerce Google Feed Manager): WordPress plugin vulnerable to SQL Injection via the id parameter in all versions up to 2.4.2 due to insufficient escaping in the SQL query; authenticated admins (and above) can inject additional SQL to extract data, and unauthenticated users coul...
CVE-2024-3867 Tainacan Interface <= 2.7.2 - Reflected Cross-Site Scripting
The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...
CVE-2024-3867
CVE-2024-3867 affects the WordPress theme archive-tainacan-collection, up to version 2.7.2. The root cause is Reflected Cross-Site Scripting due to using add_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts in pages that execute when a user clicks a link. Pu...
CVE-2024-31648
Cross-site scripting (XSS) in Insurance Management System v1.0 allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/newcategory2...
CVE-2024-31649
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-31650
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter...
Tainacan Interface < 2.7.2 - Reflected Cross-Site Scripting
Description: The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2024-31652
Cosmetics and Beauty Product Online Store (version 1.0) has a cross-site scripting (XSS) vulnerability exploitable via a crafted payload in the Search parameter. Affected component: the Search input handling in the web app. Root cause: reflected XSS allowing arbitrary web scripts/HTML to execute ...