5 matches found
PT-2026-37351
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking form page url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Page URL variable. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts into the URL parameter. Details Cross-site scripting or XSS is a code vulnerability th...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Page URL variable. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts into the URL parameter. Details Cross-site scripting or XSS is a code vulnerability th...
Plausible Analytics < 1.3.4 - Reflected XSS
Description The plugin does not sanitise and escape the page-url parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Ex Libris Patron Directory Services 2.1 Cross Site Scripting
CVE-2014-7293 Ex Libris Patron Directory Services PDS XSS Cross-Site Scripting Security Vulnerability Exploit Title: Ex Libris Patron Directory Services PDS Logon Page url Parameter XSS Product: Ex Libris Patron Directory Services PDS Vendor: Ex Libris Vulnerable Versions: 2.1 and probability pri...