Lucene search

395 matches found

NVD
added 2018/05/15 3:29 p.m. · 15 views

CVE-2018-11105

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" aka wplcname and "email" aka wplcemail input fields to wp-json/wplivechatsupport/v1/startchat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: thi...

6.1 CVSS · 6.2 AI score · 0.00293 EPSS
Exploits: 1 · References: 2
OSV
added 2018/05/15 3:29 p.m. · 1 views

CVE-2018-11105

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" aka wplcname and "email" aka wplcemail input fields to wp-json/wplivechatsupport/v1/startchat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: thi...

6.1 CVSS · 5.3 AI score · 0.00293 EPSS
Exploits: 1 · References: 2
Prion
added 2018/05/15 3:29 p.m. · 24 views

Cross site scripting

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" aka wplcname and "email" aka wplcemail input fields to wp-json/wplivechatsupport/v1/startchat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: thi...

4.3 CVSS · 6.1 AI score · 0.00293 EPSS
Exploits: 2 · References: 2 · Affected Software: 1
Cvelist
added 2018/05/15 3:0 p.m. · 17 views

CVE-2018-11105

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" aka wplcname and "email" aka wplcemail input fields to wp-json/wplivechatsupport/v1/startchat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: thi...

6.2 AI score · 0.00293 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2018/05/15 12:0 a.m. · 2 views

PT-2018-10311 · WordPress · Wp-Live-Chat-Support

Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 8.0.08
Description: The issue is related to stored cross-site scripting in the wp-live-chat-support plugin for WordPress. This occurs via the name aka wplc name and email aka wplc email input fiel...

6.1 CVSS · 5.3 AI score · 0.00293 EPSS
Exploits: 1 · References: 4
ATTACKERKB
added 2018/05/04 5:29 p.m. · 1 views

CVE-2018-8869

In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...

10 CVSS · 5.6 AI score · 0.00616 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2018/02/07 9:29 p.m. · 3 views

CVE-2018-6796

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field...

5.4 CVSS · 5.8 AI score · 0.00181 EPSS
Exploits: 1 · References: 1
CNVD
added 2018/01/29 12:0 a.m. · 6 views

WonderCMS Stored Cross-Site Scripting Vulnerability

WonderCMS is an open source, fast, small and simple flat file cms. A stored cross-site scripting vulnerability exists in WonderCMS 2.3.1. The vulnerability arises because the input fields of the application accept arbitrary user input. An attacker can exploit this vulnerability to execute malicio...

6.1 CVSS · 6.4 AI score · 0.00427 EPSS
Exploits: 2 · References: 1
OSV
added 2018/01/26 8:29 p.m. · 9 views

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

6.1 CVSS · 6.5 AI score
Exploits: 0 · References: 1
CVE
added 2018/01/26 8:0 p.m. · 57 views

CVE-2017-14522

Summary: CVE-2017-14522 affects WonderCMS 2.3.1, where input fields can accept arbitrary data and lead to execution of malicious JavaScript. Multiple sources corroborate a stored XSS risk in WonderCMS 2.3.1, with vendor dispute that this is a feature allowing only a logged-in administrator to wri...

6.1 CVSS · 6.4 AI score · 0.00427 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2018/01/26 8:0 p.m. · 20 views

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

6.5 AI score · 0.00427 EPSS
Exploits: 2 · References: 1
Prion
added 2017/10/31 7:29 a.m. · 7 views

Cross site scripting

D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...

4.3 CVSS · 6.7 AI score · 0.0047 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
ThreatPost
added 2017/10/11 2:23 p.m. · 13 views

Vendor BPC Silent on Patching SQL Injection in SmartVista Ecommerce Software

A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. BPC Banking Technologies of Switzerland has not acknowledged the vulnerability in its SmartVista suite of ecommerce and financial...

0.3 AI score
Exploits: 0
Packet Storm
added 2017/09/27 12:0 a.m. · 53 views

Sitefinity CMS 9.2 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting (XSS) in Progress Sitefinity CMS 9.2
Date: Aug 31, 2017
Exploit Author: Pralhad Chaskar
Vendor Homepage: http://www.sitefinity.com/
Tested on: Progress Sitefinity CMS 9.2 and lower
CVE: NA
Vendor Description: Progress® Sitefinity™ is ...

7.4 AI score
Exploits: 0
NVD
added 2017/07/12 12:29 a.m. · 18 views

CVE-2017-11182

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable...

5.4 CVSS · 5.6 AI score · 0.00338 EPSS
Exploits: 0 · References: 1
Prion
added 2017/07/12 12:29 a.m. · 22 views

Cross site scripting

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable...

3.5 CVSS · 5.6 AI score · 0.00338 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2017/07/12 12:0 a.m. · 54 views

CVE-2017-11182

Rise Ultimate Project Manager v1.8 contains cross-site scripting (XSS) vulnerabilities in the My Profile input fields. All input fields are vulnerable, enabling injection of arbitrary script/HTML. The CVE notes an XSS issue but does not provide exploitation status, impact depth beyond the stated ...

5.4 CVSS · 5.5 AI score · 0.00338 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2017/05/08 5:0 p.m. · 22 views

CVE-2017-6953

Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe...

7.8 AI score · 0.00218 EPSS
Exploits: 5 · References: 1
Prion
added 2017/03/17 2:59 p.m. · 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) searchkeywords parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task na...

4.3 CVSS · 6 AI score · 0.00238 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Packet Storm
added 2017/03/03 12:0 a.m. · 58 views

WordPress Gwolle Guestbook 1.7.4 Cross Site Scripting

Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin
Radjnies Bhansingh, July 2016...

Exploits: 0