Design/Logic Flaw
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
Cxuucms cross-site scripting vulnerability
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. A cross-site scripting vulnerability exists in CXUUCMS V3. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the first and third input fields of /public/admin.php...
CVE-2020-25170
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
CVE-2020-25170 B. Braun OnlineSuite
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment
Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields (CWE-79, CVE-2020-5619):

| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
...
WordPress Product Input Fields for WooCommerce plugin <= 1.2.6 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by NinTechNet in WordPress Product Input Fields for WooCommerce plugin versions <= 1.2.6. Solution: Update the WordPress Product Input Fields for WooCommerce plugin to the latest available version, at least 1.2.7...
Design/Logic Flaw
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box...
Security Bulletin: Cross site Scripting (Reflected) vulnerability in IBM Operations Analytics - Log Analysis
Summary: Input fields accept some HTML special tags as part of input, which an external user can subsequently use to send or include a malicious request and steal sensitive information from the application. Vulnerability Details: Third Party Entry: PSIRT-ADV0022528 DESCRIPTION: Created from Advisory:...
WordPress Easy Testimonials plugin cross-site scripting vulnerability (CNVD-2020-52690)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Easy Testimonials is a sidebar testimonials button plugin used in it. A cross-site scripting vulnerability exists in WordPress Easy...
Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
The lack of capability and nonce checks in the fruitfuldatasave ajax call could allow an attacker to perform a stored XSS attack using a low-privilege account. "Three other AJAX actions that should be accessible to the administrator only are accessible to any authenticated users: fruitfulresetbtn: thi...
Siemens SiNVR 3 Cross-Site Scripting Vulnerability (CNVD-2020-17007)
SiNVR 3 is a video management platform. Central Control Server (CCS) is the central control server and Video Server is the video server. SiNVR 3 has a stored cross-site scripting vulnerability in multiple input field implementations that can be exploited by remote attackers to inject malicious...
Cross site scripting
A stored XSS vulnerability in Kronos Web Time and Attendance webTA affects 3.8.x and later 3.x versions before 4.0 via multiple input fields Login Message, Banner Message, and Password Instructions of the com.threeis.webta.H261configMenu servlet via an authenticated administrator...
Calculated Fields Form < 1.0.354 - Authenticated Stored XSS
An authenticated user with access to edit or create Calculated Fields Form content can inject JavaScript into input fields such as 'field name' and 'form name'...
CVE-2019-20211
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...
Cross site scripting
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...
Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues
Reflected & Persistent XSS vulnerabilities were discovered in the 'Travel Booking WordPress Theme', tested version — v2.7.8.5 Edit WPScanTeam: January 11th, 2020 - Report received & Envato contacted January 12th, 2020 - Report updated with Reflected XSS, Envato notified again. January 12th, 2020 -...
CityBook < 2.3.4 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'CityBook - Directory & Listing WordPress Theme', tested version — v2.3.3: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27th, 2019 - Envato Contacted January 6th, 2020 - Envato Investigating January...
Cross site scripting
There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages...