CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...

CVE-2019-25744

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...

CVE-2019-25744

The CVE-2019-25744 entry concerns WordPress Popup Builder 3.49, which is vulnerable to a persistent cross-site scripting (XSS) flaw. The affected component is the post_title parameter, where an attacker can break out of option tags and craft POST requests to the post.php endpoint with a script pa...

CVE-2025-41102

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'...

EUVD-2020-23408

Malware in sbrugna...

CVE-2024-3558

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfsposttitle' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2020-35752

Baby Care System 1.0 is affected by a cross-site scripting XSS vulnerability in the Edit Page tab through the Post title parameter...

WordPress plugin MotoPress Timetable and Event Schedule 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2021-3327

Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the posttitle parameter...

CVE-2020-35752

Baby Care System 1.0 is affected by a cross-site scripting XSS vulnerability in the Edit Page tab through the Post title parameter...

CVE-2020-35752

Baby Care System 1.0 is affected by a cross-site scripting XSS vulnerability in the Edit Page tab through the Post title parameter...

Cross site scripting

Baby Care System 1.0 is affected by a cross-site scripting XSS vulnerability in the Edit Page tab through the Post title parameter...

CVE-2020-35752

Baby Care System 1.0 is affected by a cross-site scripting XSS vulnerability in the Edit Page tab through the Post title parameter...

Sourcecodester baby-care-system-phpmysqli-full-source-code 跨站脚本漏洞

Sourcecodester baby-care-system-phpmysqli-full-source-code is a Sourcecodester open source application. Used to manage infant health care. A cross-site scripting vulnerability exists in baby-care-system-phpmysqli-full-source-code 1.0, which is affected by a cross-site scripting XSS vulnerability ...

WordPress FooGallery Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress FooGallery. An attacker can exploit this vulnerability to allow XSS...

CVE-2019-20182

The FooGallery plugin 1.8.12 for WordPress allow XSS via the posttitle parameter...

CVE-2018-5312

The tabs-responsive plugin 1.8.0 for WordPress has XSS via the posttitle parameter to wp-admin/post.php...

vBulletin 4.1.12 Cross Site Scripting

TITLE ....... vBulletin 4.1.12 Reflected XSS try csrf for registered users DATE ........ 24.04.2012 AUTOHR ...... http://hauntit.blogspot.com SOFT LINK ... http://www.vbulletin.com VERSION ..... 4.1.12 TESTED ON ... LAMP ----------------------------------------------------------------------- 1...

CVE-2010-4863

Cross-site scripting XSS vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter...

CVE-2010-4863

Cross-site scripting XSS vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter...