56 matches found
CVE-2021-28359
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...
Schema & Structured Data for WP & AMP < 1.24 - Contributor+ Stored XSS
Description: The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
EazyDocs < 2.3.6 - Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
CVE-2018-10700
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iwboarddeviceName" is susceptible to this...
CVE-2018-10073
joyplus-cms 1.6.0 has XSS in manager/adminvod.php via the keyword parameter...
ActiveHelper LiveHelp Server 3.1.0 - server/offline.php Multiple Parameter XSS
The activehelper-livehelp WordPress plugin was affected by a server/offline.php Multiple Parameter XSS security vulnerability...
GroupDocs Comparison <= 1.0.2 - Multiple Parameter XSS
The GroupDocs.Comparison for Cloud WordPress plugin was affected by a Multiple Parameter XSS security vulnerability...
PHPFreeChat 0.2.8 - lib/csstidy-1.2/css_optimiser.php url Parameter XSS
The phpfreechat WordPress plugin was affected by a lib/csstidy-1.2/css_optimiser.php url Parameter XSS security vulnerability...
Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS
The Car Demon WordPress plugin was affected by a /wp-admin/post.php Multiple Parameter XSS security vulnerability...
Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS
The trafficanalyzer WordPress plugin was affected by a js/ta_loaded.js.php aoid Parameter XSS security vulnerability...
Zingiri Web Shop <= 2.4.0 - zing.inc.php page Parameter XSS
The zingiri-web-shop WordPress plugin was affected by a zing.inc.php page Parameter XSS security vulnerability...
Zingiri Web Shop <= 2.4.0 - onecheckout.php notes Parameter XSS
The zingiri-web-shop WordPress plugin was affected by an onecheckout.php notes Parameter XSS security vulnerability...
Uploader 1.0.4 - notify.php blog Parameter XSS
The uploader WordPress plugin was affected by a notify.php blog Parameter XSS security vulnerability...
SS Downloads 1.4.4.1 - services/getfile.php file Parameter XSS
The SS Downloads WordPress plugin was affected by a services/getfile.php file Parameter XSS security vulnerability...
Redirection - wp-admin/tools.php id Parameter XSS
The Redirection WordPress plugin was affected by a wp-admin/tools.php id Parameter XSS security vulnerability...
Claroline 1.x admin/campusProblem.php view Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application...
PHP Live! 3.2.2 phplive/message_box.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21737/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
M-TECH P-Synch 6.2.5 nph-psa.exe css Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a...
Simple one-file gallery gallery.php f Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based...