CVE-2024-6124

Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session...

CVE-2024-5883

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-37211

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5...

CVE-2024-37245

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0...

CVE-2024-6073

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-6074

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-37365 · WordPress · Wp-Cart-For-Digital-Products

Name of the Vulnerable Software and Affected Versions: wp-cart-for-digital-products versions prior to 8.5.5 Description: The issue concerns the wp-cart-for-digital-products WordPress plugin, where it fails to escape the REQUEST URI parameter before outputting it back in an attribute. This could...

PT-2024-37838 · Aguardnet Technology · Aguardnet Technology'S Space Management System

Name of the Vulnerable Software and Affected Versions: AguardNet Technology's Space Management System affected versions not specified Description: The issue is related to improper filtering of user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected...

CVE-2024-3801

Sites managed in S@M CMS Concept Intermedia might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...

PT-2024-27875 · Concept Intermedia · S@M Cms

Name of the Vulnerable Software and Affected Versions: S@M CMS Concept Intermedia affected versions not specified Description: The issue concerns a Reflected XSS vulnerability that can be exploited by including scripts in one of the GET header parameters. It is noted that only a part of the...

Concept Intermedia S@M CMS Security Vulnerability

Concept Intermedia S@M CMS is a content management system from Concept Intermedia, Inc. A security vulnerability exists in Concept Intermedia S@M CMS version 3.3 and earlier, which stems from the inclusion of script in the parameters of a request via GET, resulting in a reflected cross-site...

CVE-2024-5859

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Averta Master Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

Reflected Cross-site Scripting

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the...

CVE-2024-26111

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

Modern Campus Omni CMS Security Vulnerability

Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from a Reflected Cross-Site Scripting XSS vulnerability in the...

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

CVE-2024-4749

The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2024-4289

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-3822

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...