Lucene search
1046 matches found

Cvelist
added 2024/10/21 12:0 a.m. · 12 views

CVE-2024-35314

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...

0.03836 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/10/21 12:0 a.m. · 9 views

CVE-2024-30160

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow ...

5.8 AI score · 0.00552 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/10/21 12:0 a.m. · 7 views

CVE-2024-35314

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...

9.9 AI score · 0.03836 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-39918 · WordPress · Add Widget After Content

Name of the Vulnerable Software and Affected Versions: Add Widget After Content plugin for WordPress versions up to, and including, 2.4.6

Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.8 CVSS · 6.1 AI score · 0.00333 EPSS
Exploits 0 · References 8

Hacker One
added 2024/10/12 5:41 a.m. · 24 views

U.S. Dept Of Defense: [ CVE-2018-1000129 ] RXSS At `https://███████` via the URI

The CVE-2018-1000129 vulnerability allowed remote cross-site scripting (RXSS) at the specified URL. The vulnerability was due to improper sanitization of user input, which enabled the execution of arbitrary scripts in the victim's browser...

6.1 CVSS · 6.3 AI score · 0.76775 EPSS
Exploits 1

NVD
added 2024/10/11 1:15 p.m. · 7 views

CVE-2024-9232

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to...

6.1 CVSS · 0.01684 EPSS
Exploits 0 · References 3

OSV
added 2024/10/04 1:15 p.m. · 2 views

CVE-2024-8499

The Checkout Field Editor Checkout Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘renderreviewrequestnotice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possib...

6.1 CVSS · 5.9 AI score · 0.01995 EPSS
Exploits 0 · References 3

Snyk
added 2024/09/24 9:40 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the calendar event addition feature. An attacker can inject and execute arbitrary scripts by embedding malicious content into the calendar event name, which is not properly sanitized on output. Details...

5.4 CVSS · 5.5 AI score · 0.00191 EPSS
Exploits 0 · References 2

NVD
added 2024/09/23 6:15 a.m. · 10 views

CVE-2024-7846

YITH WooCommerce Ajax Search is vulnerable to an XSS vulnerability due to insufficient sanitization of user-supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts...

5.4 CVSS · 0.00219 EPSS
Exploits 1 · References 1

OSV
added 2024/09/18 6:15 a.m. · 1 views

CVE-2024-45366

Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 2

NVD
added 2024/09/17 9:15 p.m. · 15 views

CVE-2024-8907

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. Chromium security severity: Medium...

6.1 CVSS · 0.00069 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/09/17 9:7 p.m. · 15 views

CVE-2024-8907

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. Chromium security severity: Medium...

5.8 AI score · 0.00069 EPSS
Exploits 0 · References 2

Cvelist
added 2024/09/14 5:40 a.m. · 14 views

CVE-2024-8797 WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting

The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackers...

6.1 CVSS · 0.01739 EPSS
Exploits 0 · References 3

Veracode
added 2024/09/09 4:44 a.m. · 5 views

Cross Site Scripting (XSS)

github.com/gouniverse/cms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of the argument alias in the PageRenderHtmlByAlias function of FrontendHandler.go. It allows an attacker to execute arbitrary scripts in the context of a user's browser...

6.1 CVSS · 7.2 AI score · 0.00261 EPSS
Exploits 0 · References 8 · Affected Software 1

OSV
added 2024/09/06 2:15 p.m. · 1 views

CVE-2024-7611

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2

OSV
added 2024/08/29 6:15 p.m. · 0 views

CVE-2024-44717

A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 2

OSV
added 2024/08/29 11:15 a.m. · 2 views

CVE-2024-7606

The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 6 AI score · 0.00278 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/08/26 2:15 p.m. · 20 views

CVE-2024-38859 XSS in view page with SLA column

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...

4.8 CVSS · 6.4 AI score · 0.01386 EPSS
Exploits 0 · References 1

Cvelist
added 2024/08/26 2:15 p.m. · 20 views

CVE-2024-38859 XSS in view page with SLA column

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...

4.8 CVSS · 0.01386 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/08/26 12:0 a.m. · 2 views

PT-2024-28240 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions:
Checkmk versions prior to 2.3.0p14
Checkmk versions prior to 2.2.0p33
Checkmk versions prior to 2.1.0p47
Checkmk version 2.0.0

Description: The issue allows malicious users to execute arbitrary scripts by injecting HTML elements into the SLA...

6.1 CVSS · 7.7 AI score · 0.01386 EPSS
Exploits 0 · References 12