Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". id:...

WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting

WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

Linear eMerge E3-Series - Cross-Site Scripting

Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badgetemplatev0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based...

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Nam...

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short...

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...

Rukovoditel <= 3.2.1 - Cross-Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Announcement function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

NexusPHP <1.7.33 - Cross-Site Scripting

NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can...

Membership Database <= 1.0 - Cross-Site Scripting

Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...

ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin id: CVE-2023-0334 info: name: ShortPixel Adaptive Images 3.6.3 - Cross Site Scripting author:...

Simple URLs < 115 - Cross Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-0099 info: name: Simple URLs 115 - Cross Site Scripting author: r3Y3r53 severit...

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launc...

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. id: CVE-2022-45037 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

RPCMS 3.0.2 - Cross-Site Scripting

RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

ReQlogic v11.3 - Cross Site Scripting

ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. id: CVE-2022-41441 info: name: ReQlogic v11.3 - Cross Site Scripting author: r3Y3r53 severity: medium description: | ReQlogic v11.3 allow attackers ...