
23 matches found

EUVD · added 3 hours ago · 5 views

EUVD-2026-36656

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...

CVSS 5.3 · AI score 3.7 · Exploits 0 · References 6
EUVD · added 2026/03/16 3:30 p.m. · 3 views

EUVD-2015-9419

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

CVSS 6.4 · AI score 5.7 · EPSS 0.00042 · Exploits 1 · References 4
NVD · added 2026/03/16 2:17 p.m. · 3 views

CVE-2015-20119

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

CVSS 6.4 · EPSS 0.00042 · Exploits 1 · References 3
Cvelist · added 2026/03/15 6:34 p.m. · 21 views

CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

CVSS 6.4 · EPSS 0.00042 · Exploits 1 · References 3
EUVD · added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-18478

Malware in sbrugna...

CVSS 5.4 · AI score 6 · EPSS 0.0014 · Exploits 0 · References 2
Snyk · added 2025/03/20 12:32 p.m. · 0 views

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' via the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS action...

CVSS 7.5 · AI score 6.8 · EPSS 0.00145 · Exploits 1 · References 2
OSV · added 2023/10/25 9:13 p.m. · 22 views

GHSA-GHF6-2F42-MJH9 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

Impact In XWiki, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution...

CVSS 9 · AI score 8.8 · EPSS 0.04811 · Exploits 1 · References 5
Positive Technologies · added 2020/04/07 12:0 a.m. · 4 views

PT-2020-12655 · WordPress · Wp Lead Plus X

Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin versions through 0.98 Description: The issue allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the "wp ajax core37 lp save page"...

CVSS 5.4 · AI score 7.2 · EPSS 0.00174 · Exploits 2 · References 6
OSV · added 2019/12/04 7:15 p.m. · 1 views

CVE-2019-19133

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a cssheroaction=editpage request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...

CVSS 6.1 · AI score 6.6 · Exploits 0 · References 3
CNVD · added 2019/02/25 12:0 a.m. · 1 views

Pluck Cross-Site Request Forgery Vulnerability (CNVD-2019-05782)

Pluck is a content management system CMS developed using the PHP language. A cross-site request forgery vulnerability exists in Pluck version 4.7.9-dev1. A remote attacker can exploit this vulnerability to delete articles with /admin.php?action=deletepage&var1= URI...

CVSS 6.5 · AI score 7 · EPSS 0.00117 · Exploits 1 · References 1
Prion · added 2018/05/04 3:29 p.m. · 14 views

Cross site scripting

DISPUTED A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...

CVSS 3.5 · AI score 5.2 · EPSS 0.00206 · Exploits 1 · References 1 · Affected Software 1
Vulnrichment · added 2018/05/04 3:0 p.m. · 7 views

CVE-2018-10726

A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...

AI score 5.9 · EPSS 0.00206 · Exploits 1 · References 1
CVE · added 2018/05/04 3:0 p.m. · 52 views

CVE-2018-10726

CVE-2018-10726 is a stored XSS vulnerability in Datenstrom Yellow 0.7.3 exploitable via the "Edit page" action. Multiple connected reports reiterate the vendor’s note that installations accessible to untrusted users should have parserSafeMode=1 in system/config/config.ini to prevent XSS. Affected...

CVSS 5.4 · AI score 5.2 · EPSS 0.00206 · Exploits 1 · References 1 · Affected Software 1
Positive Technologies · added 2018/05/04 12:0 a.m. · 3 views

PT-2018-10068 · Datenstrom · Datenstrom Yellow

Name of the Vulnerable Software and Affected Versions: Datenstrom Yellow version 0.7.3 Description: A stored XSS issue was found via an "Edit page" action. The vendor disputes the relevance of this report, noting that installations accessible to untrusted users should have parserSafeMode=1 in...

CVSS 5.4 · AI score 5.4 · EPSS 0.00206 · Exploits 1 · References 3
Prion · added 2017/06/12 6:29 a.m. · 9 views

Cross site scripting

admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...

CVSS 3.5 · AI score 5.8 · EPSS 0.0014 · Exploits 0 · References 1 · Affected Software 1
NVD · added 2017/06/12 6:29 a.m. · 15 views

CVE-2017-9547

admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...

CVSS 5.4 · AI score 5.2 · EPSS 0.0014 · Exploits 0 · References 1
OSV · added 2017/06/12 6:29 a.m. · 12 views

CVE-2017-9547

admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...

CVSS 5.4 · AI score 5.6 · Exploits 0 · References 1
Zero Day Initiative · added 2016/05/10 12:0 a.m. · 25 views

Adobe Acrobat Pro DC Close Page Action Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS 6.8 · AI score 3.4 · EPSS 0.02751 · Exploits 1 · References 1
Prion · added 2015/06/09 2:59 p.m. · 13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the iframeurl parameter in an Update Page action in the...

CVSS 6.8 · AI score 6.7 · EPSS 0.01352 · Exploits 5 · References 9 · Affected Software 1
Zero Day Initiative · added 2015/05/12 12:0 a.m. · 32 views

Adobe Acrobat Pro Close page action Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

CVSS 6.8 · AI score 6.3 · EPSS 0.03086 · Exploits 0