22 matches found
CVE-2025-10651 Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the order_mail field and a lack of escaping on output. This makes it possible for authenticate...
EUVD-2025-35353
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the order_mail field and a lack of escaping on output. This makes it possible for authenticate...
WordPress plugin Welcart e-Commerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...
EUVD-2019-4962
Malware in sbrugna...
CVE-2020-20508
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field...
CVE-2020-21357
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...
PT-2023-5296 · Unknown · Mod3Gp-Sy-120K
Name of the Vulnerable Software and Affected Versions: MOD3GP-SY-120K (affected versions not specified). Description: The web application of MOD3GP-SY-120K contains a persistent cross-site scripting (XSS) issue. This allows an authenticated remote attacker to inject an XSS payload into the MAIL RCV...
CVE-2022-41676
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient...
Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the form's 'Email to' field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a form and put the following payload in the 'E-mail To' field: " The XSS will be...
Cross site scripting
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...
Cross site scripting
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field;...
CVE-2019-13505
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email1...
CVE-2019-10027
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox aka E-mail field on the personal information screen...
NordVPN 6.19.6 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: NordVPN 6.19.6 - Denial of Service PoC Date: 07/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://nordvpn.com/ Software Link: https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Version: 6.19.6 Tested on: Windows 10 Proof of...
PHPBook 1.x Mail Field PHP Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. E-mail field:...
SoftBB 0.1 - 'mail' Blind SQL Injection
!/usr/bin/env python LOTFREE TEAM 03/2006 http://lotfree.next-touch.com/ http://membres.lycos.fr/lotfree/sploits/LOTF-SoftBB.py Vulnerability info Product : SoftBB Version : 0.1 The field 'mail' in reg.php is used directly in a SQL query : $sql = 'SELECT pseudo,mail FROM '.$prefixtable.'membres...