CVE-2024-31648
Cross-site scripting (XSS) in Insurance Management System v1.0 allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/newcategory2...
CVE-2024-31650
CVE-2024-31650 describes a cross-site scripting (XSS) vulnerability in the Cosmetics and Beauty Product Online Store v1.0. The flaw is triggered through a crafted payload in the Last Name parameter, allowing arbitrary web scripts/HTML execution. The NVD entry reports a CVSSv3.1 base score of 9.6 ...
CVE-2024-31651
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2024-31652
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...
CVE-2024-31648
CVE-2024-31648 describes a cross-site scripting (XSS) vulnerability in Insurance Management System v1.0. The issue allows remote attackers to inject arbitrary web scripts or HTML via the Category Name parameter at /core/new_category2, enabling attacker-controlled script execution in the victim’s ...
Royal Elementor Addons < 1.3.95 - Contributor+ Stored Cross-Site Scripting
Description: The plugin is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.9 - Contributor+ Stored Cross-Site Scripting via Block Attributes
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-30883
A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
CVE-2024-30878
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the uploaddrive parameter...
CVE-2024-30880
A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
CVE-2023-6811
CVE-2023-6811 affects the Language Translate Widget for WordPress – ConveyThis plugin. The vulnerability is a stored cross-site scripting (XSS) via the api_key parameter in all versions up to 223, caused by insufficient input sanitization and output escaping. Exploitation by unauthenticated users...
CVE-2024-30879
A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
WebinarPress < 1.33.10 - Reflected Cross-Site Scripting
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.33.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-30880
CVE-2024-30880 maps to a reflected XSS in RageFrame2 v2.6.43. The issue arises in the image cropping function, where a crafted payload is injected via the multiple parameter, enabling remote execution of web scripts and potential leakage of sensitive information. Multiple connected sources (NVD, ...
CVE-2024-30878
RageFrame2 v2.6.43 is described as vulnerable to a cross-site scripting (XSS) flaw that allows remote attackers to execute arbitrary web scripts or HTML and potentially obtain sensitive information via a crafted payload injected into the upload_drive parameter. The cited sources (including Red Ha...