6 matches found
CVE-2021-39402
MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors...
CVE-2024-12098
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utmkeyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12098 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utmkeyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12098
CVE-2024-12098 affects the ARS Affiliate Page Plugin for WordPress. The issue is a Reflected Cross-Site Scripting via the utm_keyword parameter in all versions up to and including 2.0.2, allowing unauthenticated attackers to inject scripts in pages executed when a user clicks a crafted link. A pa...
WordPress plugin ARS Affiliate Page Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
shop.accesso.com XSS vulnerability
Vulnerable URL: https://shop.accesso.com/affiliate/sixflagsBlast/template/Ride1.php?username===5007=Fulton+County+Government=https://shop.accesso.com/clients/sixflags/affiliate/index.php?m=12907ℑ=xss%22%20onerror=prompt%27openbugbounty%27%20%22 Details: Description| Value ---|--- Patched:| No...