56 matches found
CVE-2021-28359
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...
Schema & Structured Data for WP & AMP < 1.24 - Contributor+ Stored XSS
Description: The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
EazyDocs < 2.3.6 - Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
CVE-2018-10700
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iwboarddeviceName" is susceptible to this...
CVE-2018-10073
joyplus-cms 1.6.0 has XSS in manager/adminvod.php via the keyword parameter...
ActiveHelper LiveHelp Server 3.1.0 - server/offline.php Multiple Parameter XSS
The activehelper-livehelp WordPress plugin was affected by a server/offline.php Multiple Parameter XSS security vulnerability...
GroupDocs Comparison <= 1.0.2 - Multiple Parameter XSS
The GroupDocs.Comparison for Cloud WordPress plugin was affected by a Multiple Parameter XSS security vulnerability...
PHPFreeChat 0.2.8 - lib/csstidy-1.2/css_optimiser.php url Parameter XSS
The phpfreechat WordPress plugin was affected by a lib/csstidy-1.2/css_optimiser.php url Parameter XSS security vulnerability...
Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS
The Car Demon WordPress plugin was affected by a /wp-admin/post.php Multiple Parameter XSS security vulnerability...
Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS
The trafficanalyzer WordPress plugin was affected by a js/ta_loaded.js.php aoid Parameter XSS security vulnerability...
Zingiri Web Shop <= 2.4.0 - zing.inc.php page Parameter XSS
The zingiri-web-shop WordPress plugin was affected by a zing.inc.php page Parameter XSS security vulnerability...
Zingiri Web Shop <= 2.4.0 - onecheckout.php notes Parameter XSS
The zingiri-web-shop WordPress plugin was affected by an onecheckout.php notes Parameter XSS security vulnerability...
Uploader 1.0.4 - notify.php blog Parameter XSS
The uploader WordPress plugin was affected by a notify.php blog Parameter XSS security vulnerability...
Redirection - wp-admin/tools.php id Parameter XSS
The Redirection WordPress plugin was affected by a wp-admin/tools.php id Parameter XSS security vulnerability...
SS Downloads 1.4.4.1 - services/getfile.php file Parameter XSS
The SS Downloads WordPress plugin was affected by a services/getfile.php file Parameter XSS security vulnerability...
PG MatchMaking browse_men.php show Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/35808/info PG Matchmaking is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in t...
TikiWiki Project 1.8 tiki-view_faq.php faqId Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting,...
68 Classifieds 4.1 searchresults.php page Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36208/info '68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...
myPHPNuke 1.8.8 download.php dcategory Parameter XSS
No description provided by source...