289624 matches found
Academy LMS 6.0 - Cross-Site Scripting
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...
osTicket < v1.16.6 - Cross-Site Scripting
Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to v1.16.6. id: CVE-2023-1318 info: name: osTicket v1.16.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to...
DedeCMS v5.7.111 - Cross-Site Scripting
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php. id: CVE-2023-49494 info: name: DedeCMS v5.7.111 - Cross-Site Scripting author: ritikchaddha severity: medium description: | DedeCMS v5.7.111 was discover...
Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting
Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp login page. id: CVE-2018-10383 info: name: Lantronix SecureLinx Spider SLS 2.2+ - Cross-Site Scripting author: ritikchaddha severity: medium description: | Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp...
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...
Cockpit - Cross-Site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. id: CVE-2023-4451 info: name: Cockpit - Cross-Site Scripting author: iamnoooob,pdresearch severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository cockpit-hq/cockpit prior...
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
Emlog Pro v2.1.14 - Cross-Site Scripting
Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...
EyouCms v1.6.2 - Cross-Site Scripting
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...
WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...
QCube Cross-Site-Scripting
A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...
WebPort 1.19.1 - Cross-Site Scripting
Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. id: CVE-2019-12461 info: name: WebPort 1.19.1 - Cross-Site Scripting author: pikpikcu severity: medium description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. impact: |...
SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting
SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters. id: CVE-2021-31537 info: name: SIS Informatik REWE ...
ZEROF Web Server 2.0 - Cross-Site Scripting
ZEROF Web Server 2.0 allows /admin.back cross-site scripting. id: CVE-2022-25323 info: name: ZEROF Web Server 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. impact: | Successful exploitation of this...
Chaty < 2.8.2 - Cross-Site Scripting
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting. id: CVE-2021-25016 info: name: Chaty 2.8.2 - Cross-Site Scripting...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...
Movies <= 0.6 - Cross-Site Scripting
A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...
WordPress Pie-Register <2.0.19 - Cross-Site Scripting
WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. id: CVE-2015-7377 info: nam...