PT-2024-29432 · Cadclick · Cadclick
Name of the Vulnerable Software and Affected Versions: CADClick versions 1.11.0 and earlier Description: A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" allows remote attackers to inject arbitrary web script or HTML via the wer parameter. This flaw lets remote attackers...
PT-2024-39584 · WordPress · Auto Amazon Links – Amazon Associates Affiliate Plugin
Name of the Vulnerable Software and Affected Versions: The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress versions up to, and including, 5.4.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate...
PT-2024-39581 · WordPress · The Product Delivery Date For Woocommerce – Lite
Name of the Vulnerable Software and Affected Versions: The Product Delivery Date for WooCommerce – Lite plugin for WordPress versions up to, and including, 2.7.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the...
PT-2024-39506 · WordPress · Loggedin – Limit Active Logins
Name of the Vulnerable Software and Affected Versions: Loggedin – Limit Active Logins plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows...
WordPress plugin Auto Featured Image from Title cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
PT-2024-39251 · WordPress · Auto Featured Image From Title
Name of the Vulnerable Software and Affected Versions: Auto Featured Image from Title plugin for WordPress versions prior to 2.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows unauthenticated...
WordPress GTM Server Side plugin <= 2.1.19 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin GTM Server Side versions <= 2.1.19...
CVE-2024-6018
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
SAP S/4HANA cross-site scripting vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A cross-site scripting vulnerability exists in SAP S/4HANA that stems from weak coding of user control inputs and e-procurement on SAP S/4HANA that allows the execution of...
CVE-2024-6020
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...
CVE-2024-7354
The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Adobe Experience Manager cross-site scripting vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2024-30494 · Unknown · Invite Anyone
Name of the Vulnerable Software and Affected Versions: Invite Anyone versions 1.4.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS. Recommendations: For versions 1.4.7...
PT-2024-7656 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.07.1 Description: The issue is related to a reflected Cross Site Scripting (XSS) vulnerability on the agentPushPreset page. This vulnerability exists due to inadequate protection of the web page...
CVE-2024-6134
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PHPGurukul Old Age Home Management System security vulnerability
PHPGurukul Old Age Home Management System is a nursing home management system from PHPGurukul, Inc. A security vulnerability exists in version v1.0 of the PHPGurukul Old Age Home Management System, which stems from a Reflected Cross-Site Scripting (XSS) vulnerability in the searchdata parameter of...
CVE-2024-41242
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/studentlogin.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter...
Kashipara Responsive School Management System security vulnerability
Kashipara Responsive School Management System is a school management system from Kashipara. A security vulnerability exists in Kashipara Responsive School Management System version v3.2.0, which originates from a reflected cross-site scripting vulnerability contained in the /smsa/teacherlogin.php...
CVE-2024-6223
The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
UBUNTU-CVE-2024-41810
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site...