4739 matches found
WordPress Perfect Survey plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Perfect Survey plugin in version 1.5.2 and prior versions has a cross-site scripting vulnerability that stems from not validating and escaping the X-Forwarded-For header value,...
WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The Asset CleanUp: Page Speed Booster WordPress plugin prior to version 1.3.8.5 has a cross-site scripting vulnerability, which stems from the fact that the wpacuselectedsub tabarea parameter is...
WordPress Contact Form 7 Skins plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Contact Form 7 Skins plugin in version 2.5.0 and earlier has a cross-site scripting vulnerability that stems from the tab parameter not being escaped before being output to the admin...
WordPress NextScripts:Social Networks Auto-Poster plugin cross-site scripting vulnerability
The NextScripts:Social Networks Auto-Poster WordPress plugin is vulnerable to a cross-site scripting vulnerability in versions prior to 4.3.24. The vulnerability stems from the fact that log requests are not escaped before being exported to the relevant administrative...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...
CVE-2022-23049
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...
Code injection
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...
Mageia: Security Advisory (MGASA-2021-0390)
The remote host is missing an update for the...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attacker to inject arbitrary JavaScript code...
CVE-2021-46065
A cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attacker to inject arbitrary JavaScript code...
SourceCodester Hospital Patient Records Management System Cross-Site Scripting Vulnerability
SourceCodester Hospital Patient Records Management System is a web-based PHP application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0 of the Management System. The vulnerability is related t...
ForestBlog Cross-Site Scripting Vulnerability
ForestBlog is a personal blog application. ForestBlog suffers from a cross-site scripting vulnerability that stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute JavaScript code on the client side...
Jfinal CMS Cross-Site Scripting Vulnerability
Jfinal CMS is a powerful information consulting website system developed in Java, using the simple and powerful JFinal as its web framework, beetl as its template engine, MySQL as its database, and Bootstrap as its front-end framework. Jfinal CMS has a cross-site scripting vulnerability; the vulnerability stems from the...
WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated) Date: 25-10-2021 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: https://lenderd.com/ Software Link: https://mortgagecalculatorsplugin.com/ Version: 1.52 Tested on: Linux CVE :...
Cross-site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting (XSS) attacks. Insufficient checks in detectXss allow remote attackers to inject and execute arbitrary JavaScript code in the victim's browser...
YetiForceCrm Cross-Site Request Forgery Vulnerability (CNVD-2022-08153)
YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site request forgery vulnerability exists in YetiForceCrm prior to version 6.3.0, which stems from a lack of proper validation of client-side data by the web application. An attacker could exploit this...
WordPress Five Star Restaurant Reservations plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin Five Star Restaurant Reservations prior to version 2.4.8, which stems from the product's rtbwelcomesetschedule...
WordPress Simple Download Monitor plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress plugin Simple Download Monitor prior to 3.9.11, which stems fr...
WordPress Sendinblue plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Sendinblue prior to version 3.1.25, which...
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...