CVE-2023-40669

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in twinpictures, baden03 Collapse-O-Matic plugin = 1.8.5.5 versions...

CVE-2023-40604

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jes Madsen Cookies by JM plugin = 1.0 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin = 2.16.0 versions...

Cross site scripting

Auth. contributor Cross-Site Scripting XSS vulnerability in 93digital Typing Effect plugin = 1.3.6 versions...

CVE-2023-41242

CVE-2023-41242 refers to the WordPress Snap Pixel plugin and is a Stored Cross-Site Scripting (XSS) vulnerability affecting versions

CVE-2023-27628 WordPress Sitekit Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Webvitaly Sitekit plugin = 1.3 versions...

CVE-2023-27628

CVE-2023-27628 affects the WordPress Sitekit plugin (versions 1.3 (patched in 1.4). If you are running

CVE-2023-40669 WordPress Collapse-O-Matic Plugin <= 1.8.5.5 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in twinpictures, baden03 Collapse-O-Matic plugin = 1.8.5.5 versions...

CVE-2023-40676

The CVE-2023-40676 entry concerns the VeronaLabs Slimstat Analytics WordPress plugin. Affected software: Slimstat Analytics plugin versions

CVE-2023-40605 WordPress Typing Effect Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor Cross-Site Scripting XSS vulnerability in 93digital Typing Effect plugin = 1.3.6 versions...

CVE-2023-40605

CVE-2023-40605 is an Authenticated (Contributor+) Cross-Site Scripting (XSS) vulnerability in the 93digital Typing Effect WordPress plugin, affecting versions up to and including 1.3.6. The issue is tied to the Typing Effect plugin and has actionable remediation: upgrade to version 1.3.7 or later...

CVE-2023-40604

CVE-2023-40604: Stored XSS in WordPress Cookies by JM plugin (admin+). Affected: Cookies by JM plugin

CVE-2023-28790 WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Brett Shumaker Simple Staff List plugin = 2.2.3 versions...

CVE-2023-28790 WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Brett Shumaker Simple Staff List plugin = 2.2.3 versions...

Exploit for CVE-2022-1040

CVE-2022-1040-sophos-rce-poc sophos rce poc sophos webmin po...

The vulnerability of the auth_changepassword.php component of the Cacti network monitoring software allows a attacker to perform XSS attacks.

The vulnerability of the authchangepassword.php component of the Cacti network monitoring software is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVE-2023-41949

Auth. admin+ Cross-Site Scripting XSS vulnerability in Avirtum iFolders plugin = 1.5.0 versions...

CVE-2023-41949

CVE-2023-41949 is an authenticated (admin+) Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin iFolders by Avirtum, affecting versions

Medium: tomcat

Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...

Important: ruby

Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the...