348 matches found
CVE-2021-34658
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7...
CVE-2021-34663
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
CVE-2021-34643
The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2...
CVE-2021-34663 jQuery Tagline Rotator <= 0.1.5 Reflected Cross-Site Scripting
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
CVE-2021-34658 Simple Popup Newsletter <= 1.4.7 Reflected Cross-Site Scripting
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7...
CVE-2021-34653 WP Fountain <= 1.5.9 Reflected Cross-Site Scripting
The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9...
CVE-2021-34644 Multiplayer Games <= 3.7 Reflected Cross-Site Scripting
The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7...
Simple Popup Newsletter <= 1.4.7 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts...
Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts. PoC: https://example.com/wp-admin/options-general.php/"/?page=skatubazaroption...
Multiplayer Games <= 3.7 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts...
WP Fountain <= 1.5.9 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /wp-fountain.php file which allows attackers to inject arbitrary web scripts...
Cross site scripting
The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4...
CVE-2021-34640 Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting
The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4...
CVE-2021-34640
CVE-2021-34640 affects the WordPress plugin Securimage-WP-Fixed (versions ≤ 3.5.4). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by using $_SERVER['PHP_SELF'] in the securimage-wp.php file, allowing attackers to inject arbitrary web scripts into the affected site. Impact is ...
Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)
The plugin is affected by a Reflected Cross-Site Scripting issue due to the use of $_SERVER['PHP_SELF'] in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts. PoC: https://example.com/wp-admin/options-general.php/"/script%3E?page=securimage-wp-options%2F...
X-Cart 5.0.10 < 5.3.3.0 Multiple Vulnerabilities
According to the self-reported version in its response header, the version of X-Cart hosted on the remote web server is 5.0.10 < 5.3.3.0. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability due to insufficient checking of uploaded content. This...
ZoneMinder < 1.34.21 Multiple XSS Vulnerabilities
ZoneMinder is prone to multiple cross-site scripting (XSS) vulnerabilities via the connkey parameter to download.php or export.php.
Cross site scripting
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration...