4 matches found
CVE-2021-47834
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
WordPress new-contact-form-widget plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. new-contact-form-widget is a contact form builder plugin used in it. A SQL injection vulnerability exists in the WordPress...
Mail.ru: XSS on New contact
Self-XSS was reported for web.icq.com. According to bug bounty program's rules, self XSS reports are not considered...
Cross site scripting
Cross-site scripting XSS vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/...