377 matches found
WordPress WP Content Permission plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP Content Permission versions = 1.2...
CVE-2026-1700
A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2026-1700
A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...
EUVD-2026-5012
A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2026-1700 projectworlds House Rental and Property Listing sms.php cross site scripting
A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...
Projectworlds House Rental and Property Listing: Code Injection Vulnerability
Projectworlds House Rental and Property Listing is an open-source housing rental and property listing system developed by Projectworlds. Version 1.0 of Projectworlds House Rental and Property Listing contains a code injection vulnerability, which stems from incorrect handling of the parameter...
CVE-2025-15522
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatordiscordusermapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...
CVE-2025-15522 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatordiscordusermapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...
CVE-2025-15522
CVE-2025-15522 : Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) via the shortcode automator_discord_user_mapping in all versions up to 6.10.0.2. The issue arises from insufficient input saniti...
CVE-2023-40819
ID4Portais in version V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability...
CVE-2023-40519
A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2019-25277
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
Advaya Softech GEMS ERP Portal 代码注入漏洞
Advaya Softech GEMS ERP Portal is an enterprise resource planning ERP portal system from Advaya Softech India that provides enterprise-level business process management, financial management, and supply chain integration capabilities. A code injection vulnerability exists in Advaya Softech GEMS E...
CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
OrangeScrum 跨站脚本漏洞
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...
CVE-2024-25814
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting XSS vulnerability via the msg parameter...
CVE-2024-25814
CVE-2024-25814 affects MyNET up to v26.05. The issue is a reflected cross-site scripting (XSS) vulnerability exploitable via the msg parameter. The Red Hat/EU ENISA/CNNVD and CVE entries corroborate the same description: vulnerable version range is prior to 26.05, with the root cause being reflec...
AIRC MyNET 安全漏洞
AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.05 and earlier versions, which stems from a reflected cross-site scripting issue with the msg parameter...
CVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12834
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failuremessage' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...