PT-2022-7410 · Unknown +1 · Glpi Reports Plugin +1

Name of the Vulnerable Software and Affected Versions: GLPI reports plugin affected versions not specified Description: The issue is related to the incorrect neutralization of input data during web page generation, allowing a remote attacker to conduct Cross-Site-Scripting XSS attacks via a...

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

Inout SiteSearch 2.0.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting Both can be used against authenticated and unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=ftsrefreshtokenajax&accesstoken=...

WordPress plugin Ultimate WooCommerce CSV Importer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP Athletics plugin cross-site scripting vulnerability (CNVD-2022-54969)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Athletics plugin version 1.1.7 and prior versions are vulnerable to a cross-site scripting...

404 to 301 < 3.1.2 - Reflected Cross-Site Scripting

Description The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=jj4t3-logs&a"alert/XSS/...

Exploit for Cross-site Scripting in School_Dormitory_Management_System_Project School_Dormitory_Management_System

CVE-2022-30514 School Dormitory Management System 1.0 - Refle...

CVE-2022-1806

Cross-site Scripting XSS - Reflected in GitHub repository rtxteam/rtx prior to checkpoint2022-05-18...

CVE-2022-1217

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHPSELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

CVE-2022-29975

CVE-2022-29975 is an authenticated reflected Cross-Site Scripting vulnerability in MDaemon prior to 22.0.0. The issue arises from insufficient data validation/filtering of user-supplied and output data via the CC parameter, allowing an attacker with valid credentials to inject script that could e...

GHSA-3J58-P785-F27X Cross-site Scripting in microweber

There is a reflected cross sitem scripting attack in microweber via url parameters...

Cross-site Scripting in microweber

There is a reflected cross sitem scripting attack in microweber via url parameters...

CVE-2021-42551

Cross-site Scripting XSS vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does...

Cross site scripting

Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...

U.S. Dept Of Defense: Cross-site Scripting (XSS) - Reflected at https://██████████/

Hello Team, i just found a reflected xss bug on your web https://█████ Step To reproduce: poc url: https://████/7/0/33/1d/www.citysearch.com/search?what=x&where=place%22%3E%3Csvg+onload=confirmdocument.domain%3E Impact Impact Data can be stolen, or Javascript can be executed.This is will allow th...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin FV Flowplayer video player, which stems from the playerid parameter in the /view/stats.php file being susceptible to a reflected cross-site scripting attack,...

Cross-site Scripting (XSS) - Reflected in dmpop/mejiro

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

SEO Redirection < 7.4 - Reflected Cross-Site Scripting

The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue " / " /...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin RentPress versions prior to 6.6.4, which stems...