4739 matches found
WordPress Paid Memberships Pro plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.The Paid Memberships Pro plugin has a cross-site scripting vulnerability in versions prior to 2.6.6, which stems...
WordPress Buttonizer-Smart Floating Action Button plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. buttonizer-Smart Floating Action Button plugin has a cross-site scripting vulnerability in versions prior to 2.5.5,...
CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 Fixed in 4.3.0 is affected by a Cross Site Scripting XSS vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser...
CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 Fixed in 4.3.0 is affected by a Cross Site Scripting XSS vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser...
Cross site scripting
Opmantek Open-AudIT Community 4.2.0 Fixed in 4.3.0 is affected by a Cross Site Scripting XSS vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser...
Cross-site Scripting (XSS) - Stored in friends-of-forkcms/fork-cms-module-commerce
Description In the admin section in Commerce - Shop settings - Stock statuses - Edit stock statuses one can add XSS payloads. After adding XSS payloads when a user is visiting Commerce - Shop settings - Stock statuses the JavaScript code will be run. Proof of Concept Go to Commerce - Shop setting...
Delta Electronics DIAEnergie descr parameter cross-site scripting vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A cross-site...
WordPress WooCommerce myghpay Payment Gateway plugin cross-site scripting vulnerability
The WooCommerce myghpay Payment Gateway plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in the WordPress WooCommerce myghpay Payment Gateway plugin, which stems from /processresponse. php's clientref parameter lacks a data validation filter for...
WordPress .htaccess Redirect plugin cross-site scripting vulnerability
WordPress is a set of blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. The .htaccess Redirect plugin is a WordPress open source application plugin. The WordPress .htaccess Redirect...
UiPath App Studio Cross-Site Scripting Vulnerability
UiPath App Studio is a low-code application development platform from UiPath, Inc. A cross-site scripting vulnerability exists in version 21.4.4 of UiPath App Studio, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability...
Yetiforcecrm Cross-Site Scripting Vulnerability
YetiForceCrm is an open source Crm system from the Polish company YetiForce. Yetiforcecrm suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code ...
Delta Electronics DIAEnergie name parameter cross-site scripting vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A cross-site...
SourceCodester Vehicle Service Management System Cross-Site Scripting Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project. Sourcecodester Vehicle Service Management System is a cross-site scripting vulnerability that could be exploited by an attacker through a lack of data validation filtering of user-supplied and output data in...
crocoblock JetEngine Cross-Site Scripting Vulnerability (CNVD-2022-05012)
crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine prior to version 2.9.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and...
Bus Pass Management System Cross-Site Scripting Vulnerability
Bus Pass Management System is a bus pass management system. v1.0 of Bus Pass Management System is vulnerable to a cross-site scripting vulnerability that stems from the lack of data validation filtering of user-supplied data and output in the parameters pagedes and About Us. An attacker could...
Motorola Solutions Avigilon Cross-Site Scripting Vulnerability
Motorola Solutions Avigilon is a series of security cameras from Motorola Solutions, U.S. A cross-site scripting vulnerability exists in Motorola Solutions Avigilon, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability...
WordPress WooCommerce EnvioPack plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.WooCommerce EnvioPack plugin is a WordPress open source application plugin.The WordPress WooCommerce EnvioPack plugin h...
Genesys Workforce Management Cross-Site Scripting Vulnerability
Genesys Workforce Management is a workforce management system from Genesys, Inc. A cross-site scripting vulnerability exists in Genesys Workforce Management version 8.5.214.20, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the...
Delta Electronics DIAEnergie HandlerEnergyType Parameter Name Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A cross-site...
WordPress link-list-manager plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. link-list-manager plugin is a WordPress open source application plugin. WordPress link-list-manager plugin has a...