VulnCheck KEV: CVE-2020-13158

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter...

WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The custom-popup parameter needs to be the ID of an existing popup https://example.com/wp-admin/admin.php?page=wppb&pos-name=xxx"alert%2FXSS%2F%3B&custom-popup=1...

CVE-2020-13158

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter...

CVE-2014-4548

Cross-site scripting XSS vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter...

CVE-2009-4056

The CVE-2009-4056 entry concerns Betsy CMS 3.5, where a directory traversal flaw exists in admin/popup.php. The vulnerability allows remote attackers to cause local file inclusion and arbitrary code execution by supplying a .. (dot dot) sequence in the popup parameter. Affected component: Betsy C...