183 matches found
Sql injection
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...
CVE-2021-24316
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue...
CVE-2021-24213
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...
Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability
Document Title: =============== Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2251 Release Date: ============= 2020-05-06 Vulnerability Laboratory ID VL-ID: ==================================== 225...
wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via s Parameter
The plugin did not escape, validate or escape the 's' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=wpforo-phrases="...
CVE-2020-12054
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...
Cross site scripting
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...
CVE-2015-9504
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...
CVE-2015-9504
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...
CVE-2015-9504
The CVE-2015-9504 entry describes an XSS vulnerability in the WordPress WeeklyNews theme prior to version 2.2.9, exploitable via the s parameter. Affected component/file: the weeklynews WordPress theme (pre-2.2.9). Root cause: reflected XSS through the s query parameter, allowing an attacker to i...
CVE-2019-17115
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
S-CMS enterprise website builder system aj***.php page G_s*** parameter exists SQL injection vulnerability
S-CMS enterprise station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. S-CMS enterprise website building system aj.php page Gs parameters exist SQL injection vulnerability, attackers can use the...
CVE-2016-10999
The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter...
CVE-2016-10994
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...
CVE-2016-10994
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...
Design/Logic Flaw
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...
CVE-2016-10994
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...
CVE-2016-10994
The CVE-2016-10994 entry concerns the Truemag theme (WordPress) 2016 Q2 and reports an XSS vulnerability via the s parameter. Multiple connected sources corroborate an unauthenticated reflected XSS affecting the Truemag WordPress theme, with PoC examples showing input like s="> that can be ref...
CVE-2016-10993
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter...