5210 matches found
CVE-2020-19949
A cross-site scripting XSS vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19950
A cross-site scripting XSS vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting
A cross-site scripting XSS vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19950
A cross-site scripting XSS vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19949
A cross-site scripting XSS vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field...
CVE-2021-34650
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
CVE-2021-34650 eID Easy <= 4.6 Reflected Cross-Site Scripting
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
CVE-2021-34650 eID Easy <= 4.6 Reflected Cross-Site Scripting
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
Cross site scripting
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the loadpreviews function found in the /OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0...
CVE-2021-39325 OptinMonster <= 2.6.0 Reflected Cross-Site Scripting
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the loadpreviews function found in the /OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0...
eID Easy < 4.7 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts...
CVE-2021-38338
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the f and t parameter found in the /titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...
CVE-2021-38340
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the updaterow parameter found in the /includes/addproduct.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
CVE-2021-38349
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...
CVE-2021-38355
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the /bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3...
CVE-2021-38330
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4...
CVE-2021-38329
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2...
CVE-2021-38337
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...
Cross site scripting
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...