CVE-2024-30952

A stored cross-site scripting XSS vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

CVE-2024-32337

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module...

HT Mega < 2.4.7 - Contributor+ Stored XSS via Lightbox Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

CVE-2024-32343

Boid CMS v2.1.0 has an XSS vulnerability in the Create Page, exploitable by injecting a crafted payload into the Content parameter. The issue is documented across multiple sources with no explicit exploitation details provided and a CVSS v3.1 base score of 6.1 (MEDIUM), requiring user interaction...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

CVE-2024-32339

WonderCMS v3.4.3 has multiple XSS vulnerabilities on the HOW TO page. The flaws arise from insufficient input filtering/escaping on the HOW TO page, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into parameters. Per sources, this can lead to theft of cookie-based ...

Short URL <= 1.6.8 - Reflected Cross-Site Scripting

Description The Short URL plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting

Description The EZ Form Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.14.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-32744

WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

CVE-2024-32746

CVE-2024-32746 describes an XSS vulnerability in WonderCMS v3.4.3 within the Settings section, exploitable via a crafted payload injected into the MENU parameter under the Menu module. Affected software is WonderCMS 3.4.3; impact is arbitrary script/HTML execution in the user’s browser. Core deta...

CVE-2024-32340

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module...

CVE-2024-32344

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...

CVE-2024-32345

CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...

CVE-2024-32342

Boid CMS v2.1.0 is affected by an XSS in the Create Page, exploitable via a crafted payload to the Permalink parameter. The vulnerability arises from improper handling of input in the Create Page flow, allowing attackers to execute arbitrary scripts/HTML in the context of users viewing the affect...

CVE-2024-32344

CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...

CVE-2024-32341

CVE-2024-32341 affects WonderCMS v3.4.3, specifically the Home page. The vulnerability is described as multiple XSS flaws that allow an attacker to inject arbitrary web scripts or HTML via crafted payloads into parameters, as noted across multiple sources. Some connected documents describe the im...

CVE-2024-30952

A stored cross-site scripting XSS vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...

CVE-2024-32338

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...