WordPress Revi.io plugin <= 5.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Revi.io versions = 5.7.3...

PT-2024-35307 · August Infotech · Ai Responsive Gallery Album

Name of the Vulnerable Software and Affected Versions: August Infotech AI Responsive Gallery Album versions n/a through 1.4 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Reflected XSS...

WordPress Chessgame Shizzle plugin <= 1.3.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Chessgame Shizzle versions = 1.3.0...

PT-2024-34860 · Tre Technology Research S.R.L · Hq60 Fidelity Card

Name of the Vulnerable Software and Affected Versions: TRe Technology And Research S.R.L HQ60 Fidelity Card versions 1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected...

PT-2024-34893 · Unknown · Propertyshift

Name of the Vulnerable Software and Affected Versions: PropertyShift versions 1.0.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. Recommendations: For...

PT-2024-34850 · Genethick · Genethick Wp-Basics

Name of the Vulnerable Software and Affected Versions: Genethick WP-Basics versions through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. The problem lies in the handling...

CVE-2024-48648

A Reflected Cross-Site Scripting XSS vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding...

CVE-2024-49638

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through 1.0...

PT-2024-33606 · Elementor · Extra Privacy For Elementor

Name of the Vulnerable Software and Affected Versions: Extra Privacy for Elementor versions 0.1.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...

CVE-2024-49224

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Mahesh Patel Mitm Bug Tracker allows Reflected XSS.This issue affects Mitm Bug Tracker: from n/a through 1.0...

CVE-2024-43246

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5...

PT-2024-30314 · Woocommerce · Sender

Name of the Vulnerable Software and Affected Versions: Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce versions n/a through 2.6.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This...

CVE-2024-6272

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-37400

Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 5.0.6.0 Description: The issue allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. This is achieved through a reflected XSS attack. Recommendations: For...

PT-2024-28115 · Adpush · Adpush

Name of the Vulnerable Software and Affected Versions: AdPush versions 1.50 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For AdPush versions 1.5...

CVE-2024-5715

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-36656

In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting XSS attack...

CVE-2024-35718

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5...

CVE-2024-31488

An improper neutralization of inputs during web page generation vulnerability CWE-79 in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and...

CVE-2024-32568

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2...