42 matches found
CVE-2025-41036
CVE-2025-41036 describes a stored authenticated XSS in appRain CMF v4.0.5 caused by insufficient validation of input in the admin account edit path. Specifically, the vulnerable parameters are data[Admin][description], data[Admin][f_name], and data[Admin][l_name] submitted to /apprain/admin/accou...
PHPGurukul Online Banquet Booking System Code Injection Vulnerability
Online Banquet Booking System is an online banquet booking system. A cross-site scripting vulnerability exists in Online Banquet Booking System, which stems from ineffective filtering of inputs to the searchdata parameter in the /admin/booking-search.php file. No details of the vulnerability are...
CVE-2019-15318
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field...
UBUNTU-CVE-2024-43442
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...
CVE-2024-0898
The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This mak...
CVE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization on the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. This vulnerability lets an attacker steal admin and all user account cookies by...
CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...
CVE-2022-2298
A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument username with the input admin' or...
minewebcms 1.15.2 Cross Site Scripting
Exploit Title: minewebcms 1.15.2 - Cross-site Scripting (XSS) Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...
CVE-2022-0627
The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-23321
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress plugin WooCommerce prior to 2.7.1, which stems from a product wooce admin page that does not securely handle user input data. An attacker could exploit this vulnerability ...
CVE-2021-24771
The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site Scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallo...
Cxuucms Cross-Site Scripting Vulnerability
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. A cross-site scripting vulnerability exists in CXUUCMS V3. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the first and third input fields of /public/admin.php...
Code injection
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field...
CVE-2018-1254
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or...
WordPress plugin MailChimp cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on a server running PHP and MySQL. A cross-site scripting vulnerability exists in the integration parameter of the admin.php page of the WordPress...