14 matches found
CVE-2020-23014
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting XSS in /apiui/command through the payloadtypescallback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel...
EUVD-2022-40712
Malicious code in bioql PyPI...
CVE-2025-46350 Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2023-51068
An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...
PT-2022-23350 · Totalsoft · Totalsoft Event Calendar – Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Totalsoft Event Calendar – Calendar plugin versions 1.4.6 and earlier Description: The issue is related to an Authenticated Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially inject malicious scrip...
CVE-2022-29976
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0...
CVE-2021-36875 WordPress uListing plugin <= 2.0.5 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
Cross-site Scripting XSS vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5...
WordPress uListing plugin <= 2.0.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Vulnerable parameters: &filterid, &filteruser, &filterexpireddate, &filtercreateddate, &filterupdateddate. Solution Update the WordPress uListing...
CVE-2021-24306 Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue...
CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...
Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
The plugin allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized /wp-admin/admin.php?page=settings-wisw&tokenerror=alert/XSS/;...
Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. http://example.com/wp-admin/edit.php?posttype=popupbuilder&page=sgpbSubscribers&sgpb-subscribers-date=%22%3E%3Cscript%3Ealert%28origin%29%3C%2Fscript%3E Video:...
WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...