232 matches found
CVE-2024-35705
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS. This issue affects Block for Font Awesome: from n/a through 1.4.4...
WordPress Move Addons for Elementor plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin Move Addons for Elementor versions <= 1.3.1...
CVE-2023-4728
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...
PT-2024-17514 · Rejetto · Http File Server
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. This allows an attacker to specify the full HTTP respon...
CVE-2024-1242
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
The vulnerability of the Ultimate WP Query Search Filter plugin of the WordPress content management system arises from the lack of protective measures for website structures. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Ultimate WP Query Search Filter plugin of the WordPress content management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2023-40461
The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...
UBUNTU-CVE-2022-45592
(1) Server-Side Request Forgery (SSRF), (2) persistent Cross-Site Scripting (XSS), and (3) file upload vulnerability...
PT-2023-23252 · Baidu · Baidu Tongji Generator
Name of the Vulnerable Software and Affected Versions: Baidu Tongji generator versions n/a through 1.0.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the Haoqisir Baidu Tongji generator. Recommendations: For versions n/a through 1.0.2, as a...
CVE-2023-5696
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pagestransfermoney.php. The manipulation of the argument accountnumber with the input 357146928--alert9206!-- leads to cross site...
CVE-2023-44242
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin = 1.3.54 versions...
PT-2023-28073 · Yydevelopment · Back To The Top Button
Name of the Vulnerable Software and Affected Versions: YYDevelopment Back To The Top Button plugin versions = 2.1.5. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For YYDevelopment...
CVE-2022-4466
The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2022-4125
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...
PT-2022-23327 · WordPress · Ultimate Tables
Name of the Vulnerable Software and Affected Versions: ULTIMATE TABLES plugin versions = 1.6.5. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability affects the ULTIMATE TABLES plugin on WordPress, allowing for reflected cross-site...
CVE-2022-27913
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components...
CVE-2022-1913
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1597
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...
CVE-2022-0647
The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...