231 matches found
CVE-2026-4259 Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2026-4259
The CVE-2026-4259 entry concerns the Ultimate WooCommerce Auction Pro WordPress plugin (
EUVD-2022-55989
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
EUVD-2022-55984
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...
CVE-2022-50968
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
CVE-2022-50964
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...
CVE-2022-50968
uBidAuction 2.0.1 contains a reflected XSS in the auctions/manage module. The filter parameters date_created, date_from, date_to, and created_at are not sanitized, allowing remote attackers to inject scripts via crafted GET requests that run in victims’ browsers. The provided sources corroborate ...
CVE-2022-50968 uBidAuction 2.0.1 auctions manage Reflected XSS
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
CVE-2022-50968
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
CVE-2022-50963
uBidAuction 2.0.1 has a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The filter parameters date_created, date_from, date_to, and created_at are not properly sanitized, allowing remote attackers to inject scripts via crafted GET requests that execut...
CVE-2022-50963 uBidAuction 2.0.1 myAuctions active Reflected XSS
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...
uBidAuction 跨站脚本漏洞
uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for th...
uBidAuction 跨站脚本漏洞
uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for...
CVE-2026-22491
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through = 3.6.35...
EUVD-2026-15493
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through = 3.6.35...
CVE-2026-22491
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through = 3.6.35...
CVE-2026-22491 WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through = 3.6.35...
CVE-2026-22491 WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through = 3.6.35...
CVE-2026-22491
CVE-2026-22491 is a Reflected XSS in the WordPress plugin My auctions allegro free-edition (
PT-2026-27815
Name of the Vulnerable Software and Affected Versions wphocus My auctions allegro versions through 3.6.35 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker...