7 matches found
EUVD-2024-50985
Malicious code in bioql PyPI...
CVE-2024-5713
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-10815
The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2190
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-9835 RSS Feed Widget < 3.0.1 - Reflected XSS
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-8056 MM-Breaking News <= 0.7.9 - Reflected XSS
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
Download Manager < 3.2.53 - Unauthenticated Reflected Cross-Site Scripting
The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute of the modal login page only available when users are not logged in, which could lead to Reflected Cross-Site Scripting in old web browsers. PoC On the modal login page from the plugin and using...