6469 matches found
Jeesns 1.4.2 - Cross-Site Scripting
Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. id: CVE-2020-19295 info: name: Jeesns 1.4.2 - Cross-Site Scripting author:...
WordPress Integrator 1.32 - Cross-Site Scripting
A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...
Unyson < 2.7.27 - Cross Site Scripting
The plugin does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters id: CVE-2022-2219 info: name: Unyson 2.7.27 - Cross Site Scripting author: r3Y3r53 severity: high description:...
MaxSite CMS > V106 - Cross-Site Scripting
A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page." id: CVE-2021-35265 info: name: MaxSite CMS V106 - Cross-Site Scripting author: pikpikcu severity: medium description: | A reflected...
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. id: CVE-2021-40971 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat...
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...
WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...
Contao <4.13.3 - Cross-Site Scripting
Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag. id: CVE-2022-24899 info: name: Contao 4.13.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Contao prior to 4.13.3 contains...
CandidATS 3.0.0 - Cross-Site Scripting
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
Haraj 3.7 - Cross-Site Scripting
Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...
eShop 3.0.4 - Cross-Site Scripting
eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in. id: CVE-2022-35493 info: name: eShop 3.0.4 - Cross-Site Scripting author: arafatansari severity: medium description: | eShop 3.0.4 contains a reflected cross-site scripting...
Seo Panel 4.8.0 - Cross-Site Scripting
Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. id: CVE-2021-3002 info: name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site...
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Nam...
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...
WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...
Microweber < 1.2.17 - Cross-Site Scripting
Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the...
WordPress E2Pdf <1.16.45 - Cross-Site Scripting
WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...
ClinicCases 7.3.3 Cross-Site Scripting
ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...