4739 matches found
WordPress Image Slider plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Image Slider plugin 1.1.2 and earlier versions contain a cross-site scripting vulnerability...
WordPress Promotion Slider plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Promotion Slider plugin 3.3.4 and earlier versions contain a cross-site scripting...
WordPress Age Gate plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Age Gate plugin 2.1.70 and earlier versions contain a cross-site scripting vulnerability...
WordPress Private Messages plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Private Messages plugin 2.1.10 and earlier versions are vulnerable to a cross-site scriptin...
CVE-2021-41420
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel...
WordPress Static Page eXtended plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Static Page eXtended plugin version 2.1 and previous versions have a cross-site scripting...
WordPress Newsletter plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
flatCore Cross-Site Scripting Vulnerability (CNVD-2022-58394)
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A cross-site scripting vulnerability exists in flatCore version 2.0.8, which stems from a lack of validation and filtering of user-supplied and output data in the Create New Page option of the index page. An attacker can...
WordPress FiboSearch plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress FiboSearch plugin versions prior to 1.17.0 have a cross-site scripting vulnerability that ste...
LibreHealth EHR Cross-Site Scripting Vulnerability (CNVD-2022-62206)
LibreHealth EHR is a clinically focused electronic health record (EHR) system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to...
Cross site scripting
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute...
Barco Control Room Cross-Site Scripting Vulnerability
Barco Control Room is a visualization and collaboration solution from Barco Belgium, used to build control rooms. A cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the URL parameter of the...
Solutions Atlantic Regulatory Reporting System Cross-Site Scripting Vulnerability
Solutions Atlantic Regulatory Reporting System is a flagship regulatory reporting system from Solutions Atlantic, Inc. Solutions Atlantic Regulatory Reporting System RRS v500 contains a cross-site scripting vulnerability that could be exploited to execute JavaScript code...
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2022-66503)
LibreNMS is a PHP- and MySQL-based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates. LibreNMS v22.3.0 contains a cross-site scripting vulnerability that originates from the...
Jfinal CMS Cross-Site Scripting Vulnerability (CNVD-2022-66500)
Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. A cross-site scripting vulnerability exists in Jfinal CMS v5.1.0. The vulnerabili...
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar Cross-Site Scripting Vulnerability
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar is an e-commerce project. Ecommerce-project-with-php-and-mysqli-Fruits-Bazar version 1.0 contains a cross-site scripting vulnerability that stems from the fact that the ctgname parameter on the adminaddcata.php page lacks validation and filtering for...
CVE-2022-1940
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...
CVE-2022-1940
Removed by vendor...