PT-2022-26265 · WordPress · Chained Quiz

Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to...

CVE-2022-4029

The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforummd5 hash of the WordPress URL' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

CVE-2022-3440

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...

CVE-2022-2167

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

CVE-2022-37896

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser ...

CVE-2022-34218

Adobe Experience Manager versions 6.5.13.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

PT-2022-17927 · WordPress · Pre Classified Listings +4

Name of the Vulnerable Software and Affected Versions: Classima WordPress theme versions prior to 2.1.11 Classified Listing versions prior to 2.2.14 Classified Listing Pro versions prior to 2.0.20 Classified Listing Store & Membership versions prior to 1.4.20 Classima Core versions prior to 1.10...

CVE-2022-27546

HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...

CVE-2022-2532

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2022-1932

The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file...

CVE-2021-24910

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...

PT-2022-14892 · WordPress · Contact Form

Name of the Vulnerable Software and Affected Versions: Contact Form DB WordPress plugin versions prior to 1.8.0 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the plugin does not properly sanitise and escape some parameters before outputting them back in...

CVE-2022-36801

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...

CVE-2022-2386

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

多款VMware产品跨站脚本漏洞

VMware vRealize Automation and others are products of VMware, Inc. vRealize Automation is a management tool that provides self-service, supervised multi-cloud automation. vMware Workspace One Access is a centralized management console that enables you to manage users and groups, set and manage...

CVE-2022-2189

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2022-0899

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...

MiCODUS MV720 GPS 跨站脚本漏洞

The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. The MiCODUS MV720 GPS suffers from a cross-site scripting vulnerability that stems from a reflected cross-site scripting vulnerability in the main web server, which could allow an attacker to gain control by tricking a user into making a...

CVE-2022-35170

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting XSS vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

CVE-2022-1470

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...