OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

Site Offline WP Plugin < 1.5.3 - Authorization Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. id: CVE-2022-1580 info: name: Site Offline WP Plugin 1.5.3 - Authorization Bypass author: s4e-io...

PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. id: CVE-2023-40750 info: name: PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...

WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting

WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the...

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar. id: CVE-2018-19752 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through 4.11.01 contains a...

Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. id: CVE-2017-18558 info: name: Testimonials by BestWebSoft 0.1.9 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS...

Skysa App Bar 1.04 - Cross-Site Scripting

A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. id: CVE-2011-5179 info: name: Skysa App Bar 1.04 - Cross-Site Scriptin...

Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting

Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of...

CLink Office 2.0 - Cross-Site Scripting

CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter. id: CVE-2020-6171 info: name: CLink Office 2.0 - Cross-Site Scripting author: pikpikcu severity: medium...

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting

WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the 1 page parameter or 2 kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible the...

Grav CMS <1.3.0 - Cross-Site Scripting

Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin/tools. id: CVE-2018-5233 info: name: Grav CMS 1.3.0 - Cross-Site Scripting author: pikpikcu severity:...

WordPress Church Admin <0.810 - Cross-Site Scripting

WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/churchadmin-registration-form/. id: CVE-2015-4127 info: name: WordPress Church Admin 0.810 - Cross-Site Scripting author: daffainfo severity...

WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting

The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the userids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. id: CVE-2022-2168 info: name:...

WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the lsgetpopupmarkup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

PAN-OS - Reflected Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link.The...

Nexus Repository 2 - Remote Code Execution

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. id: CVE-2024-5082 info: name: Nexus Repository 2 - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: hi...

WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting

WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...

BestWebSoft's Twitter < 2.55 - Cross-Site Scripting

The twitter-plugin plugin before 2.55 for WordPress has XSS. id: CVE-2017-18505 info: name: BestWebSoft's Twitter 2.55 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The twitter-plugin plugin before 2.55 for WordPress has XSS. impact: | Authenticated attackers can...

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...