99 matches found

Vulnrichment
added 2022/11/28 1:47 p.m. · 5 views

CVE-2022-3601 Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 4.7 · EPSS 0.00218
Exploits 2 · References 1
Cvelist
added 2022/11/14 12:0 a.m. · 19 views

CVE-2022-3539 Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting

The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5.1 · EPSS 0.00238
Exploits 1 · References 1
Cvelist
added 2022/09/19 2:1 p.m. · 13 views

CVE-2022-3036 Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting

The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite set...

AI score 5 · EPSS 0.00304
Exploits 2 · References 1
Positive Technologies
added 2022/08/01 12:0 a.m. · 6 views

PT-2022-15145 · WordPress · Advanced Wordpress Reset

Name of the Vulnerable Software and Affected Versions: Advanced WordPress Reset WordPress plugin versions prior to 1.6 Description: The issue concerns Reflected Cross-Site Scripting. It occurs because some generated URLs are not properly escaped before being outputted back in href attributes of...

CVSS 6.1 · AI score 6.2 · EPSS 0.0021
Exploits 2 · References 4
Cvelist
added 2022/07/17 10:36 a.m. · 11 views

CVE-2022-2149 Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5 · EPSS 0.00206
Exploits 2 · References 1
WPVulnDB
added 2022/07/06 12:0 a.m. · 18 views

Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC Add the following payload to a new quote:...

CVSS 4.8 · AI score 3 · EPSS 0.00218
Exploits 2 · Affected Software 1
Cvelist
added 2022/06/27 8:56 a.m. · 13 views

CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed for example in multisite...

AI score 5.2 · EPSS 0.00185
Exploits 2 · References 1
WPVulnDB
added 2022/06/16 12:0 a.m. · 25 views

MashShare <= 3.8.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 1.9 · EPSS 0.0073
Exploits 0 · Affected Software 1
Cvelist
added 2022/05/30 8:35 a.m. · 10 views

CVE-2022-1456 Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed...

AI score 5.1 · EPSS 0.00206
Exploits 2 · References 1
Cvelist
added 2022/05/16 2:30 p.m. · 12 views

CVE-2022-1089 Bulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting

The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5 · EPSS 0.00206
Exploits 1 · References 1
Cvelist
added 2022/04/11 2:40 p.m. · 11 views

CVE-2022-0728 Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting

The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5 · EPSS 0.00206
Exploits 2 · References 1
Cvelist
added 2022/02/21 10:46 a.m. · 11 views

CVE-2022-0211 Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...

AI score 5.1 · EPSS 0.00225
Exploits 2 · References 1
wpexploit
added 2021/09/20 12:0 a.m. · 484 views

BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting

The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=betterdocs-admin&daterange="alert/XSS/...

AI score 0.7
Exploits 0
NVD
added 2020/08/28 10:15 p.m. · 10 views

CVE-2020-15155

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7...

CVSS 7.3 · AI score 6.8 · EPSS 0.00868
Exploits 0 · References 3
OpenVAS
added 2020/06/03 12:0 a.m. · 27 views

CMS Made Simple <= 2.2.14 Multiple XSS Vulnerabilities

CMS Made Simple is prone to multiple cross-site scripting (XSS) vulnerabilities...

CVSS 5.4 · AI score 5 · EPSS 0.0031
Exploits 3 · References 2
NVD
added 2019/09/15 10:15 p.m. · 10 views

CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php...

CVSS 5.4 · AI score 5.3 · EPSS 0.00281
Exploits 1 · References 1
Cvelist
added 2018/04/10 9:0 p.m. · 13 views

CVE-2018-9993

YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/ page aka a news center page...

AI score 5 · EPSS 0.00235
Exploits 1 · References 1
seebug.org
added 2014/07/01 12:0 a.m. · 15 views

chCounter indirect SQL Injection and XSS Vulnerabilities

No description provided by source. Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...

AI score 7.1
Exploits 0
UbuntuCve
added 2009/05/06 4:30 p.m. · 14 views

CVE-2009-1553

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, ...

CVSS 4.3 · AI score 5.9 · EPSS 0.0183
Exploits 1 · References 1