7656 matches found
CVE-2020-15535
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields...
Design/Logic Flaw
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields...
Design/Logic Flaw
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields...
CVE-2020-15535
The CVE-2020-15535 entry concerns the WordPress plugin bestsoftinc Car Rental System (up to version 1.3). The vulnerability is a persistent cross-site scripting (XSS) flaw that can be triggered via registration fields in the plugin’s UI, leading to stored XSS. Several connected sources corroborat...
CVE-2020-15536
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields...
CVE-2020-15536
The CVE-2020-15536 entry concerns the WordPress plugin bestsoftinc Hotel Booking System Pro (versions up to 1.1). Multiple connected sources confirm a persistent (stored) cross-site scripting vulnerability affecting registration/booking input fields, allowing injected script to execute in context...
JobSearch < 1.5.3 - Multiple Cross-Site Scripting Issues
An Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities was discovered in the JobSearch plugin through 1.5.1 and 1.5.2 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will trigger on t...
Careerfy < 4.1.0 - Multiple Cross-Site Scripting (XSS) Issues
An Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities was discovered in the Careerfy Job Board theme through 3.9.0 and 4.0.0 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will...
Careerfy < 4.1.0 - Multiple Cross-Site Scripting (XSS) Issues
An Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities was discovered in the Careerfy Job Board theme through 3.9.0 and 4.0.0 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will...
WordPress JobSearch premium plugin <= 1.5.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability (job pages)
Authenticated Persistent Cross-Site Scripting XSS vulnerability job pages discovered by m0ze in WordPress JobSearch premium plugin versions = 1.5.2. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.5.3...
JobSearch < 1.5.3 - Multiple Cross-Site Scripting Issues
An Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities was discovered in the JobSearch plugin through 1.5.1 and 1.5.2 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will trigger on t...
Victor CMS 1.0 Cross Site Scripting
Exploit Title: Victor CMS 1.0 - 'userfirstname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-06-28 Exploit Author: Anushree Priyadarshini Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link:https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0...
Victor CMS 1.0 - (user_firstname) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'userfirstname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-06-28 Exploit Author: Anushree Priyadarshini Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software...
BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting
Exploit title: BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting Exploit Author: William Summerhill Date: 2020-06-22 Vendor homepage: https://www.globalradar.com/ Tested on: Window CVE-2020-14943 Description: The "Firstname" and "Lastname" parameters in Global RADAR BSA Radar 1.6.7234.X...
Victor CMS Cross-Site Scripting Vulnerability (CNVD-2021-24255)
Victor CMS is a simple content management system. A persistent cross-site scripting vulnerability exists in admin/users.php?source=adduser in Victor CMS 1.0. The vulnerability can be exploited to conduct a cross-site scripting attack via the username, userfirstname, or userlastname parameters...
Perfex v2.4.4 CRM - (Print) Persistent Web Vulnerability
Document Title: =============== Perfex v2.4.4 CRM - Print Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2231 Release Date: ============= 2020-06-23 Vulnerability Laboratory ID VL-ID: ==================================== 22...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2020-13427
CVE-2020-13427 affects Victor CMS 1.0. The vulnerability is a persistent cross-site scripting (XSS) flaw exploitable via the admin/users.php?source=add_user parameters (user_name, user_firstname, user_lastname). The available connected documents confirm the existence and location of the XSS, but ...