247 matches found

CNVD
added 2022/06/30 12:00 a.m. | 18 views

WordPress Image Gallery-Grid Gallery plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Image Gallery-Grid Gallery plugin 1.1.1 and earlier versions have a cross-site scripting...

CVSS 4.8 | AI score 1.7 | EPSS 0.00206
Exploits 2 | References 1

CNVD
added 2022/06/08 12:00 a.m. | 20 views

LibreHealth EHR Cross-Site Scripting Vulnerability (CNVD-2022-65033)

LibreHealth EHR is a clinically-focused electronic health record (EHR) system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. A cross-site scripting vulnerability exists in LibreHealth EHR Base version 2.0.0. The vulnerability stems from a...

CVSS 6.1 | AI score 1.2 | EPSS 0.00307
Exploits 1 | References 1

WPVulnDB
added 2022/04/28 12:00 a.m. | 23 views

Countdown & Clock <= 2.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...

CVSS 5.9 | AI score 2.6 | EPSS 0.00282
Exploits 0 | Affected Software 1

CNVD
added 2022/04/26 12:00 a.m. | 18 views

WordPress plugin Mark Daniels Night Mode cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The WordPress plugin Mark Daniels Night Mode 1.0.0 and previous versions have a cross-site scripting vulnerability, which originates from a...

CVSS 3.5 | AI score 1.3 | EPSS 0.00348
Exploits 0 | Affected Software 1

CNVD
added 2022/04/21 12:00 a.m. | 18 views

Veritas NetBackup Cross-Site Scripting Vulnerability

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup OpsCenter Analytics version 9.1 is vulnerable to a cross-site scripting vulnerability caused by a failure to effectively escape and filter the...

CVSS 3.5 | AI score 5.5 | EPSS 0.00263
Exploits 0 | Affected Software 1

NVD
added 2022/04/18 6:15 p.m. | 9 views

CVE-2022-0994

The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin, to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | EPSS 0.00206
Exploits 4 | References 1

CNVD
added 2022/03/18 12:00 a.m. | 31 views

Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21218)

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. The software supports scanning configuration environments for errors, vulnerabilities, malware, etc. Rapid7 Nexpose 6.6.129 and previous versions have a securi...

CVSS 6.1 | AI score 3.1 | EPSS 0.00266
Exploits 0 | References 1

Cvelist
added 2022/02/28 9:07 a.m. | 15 views

CVE-2022-23987 WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5 | EPSS 0.00206
Exploits 1 | References 1

Cvelist
added 2022/02/28 9:06 a.m. | 15 views

CVE-2021-24898 EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting

The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5 | EPSS 0.00206
Exploits 2 | References 1

WPVulnDB
added 2022/02/21 12:00 a.m. | 14 views

SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Request or Destination settings of the plugin: "...

CVSS 4.8 | AI score 3.3 | EPSS 0.00225
Exploits 2 | Affected Software 1

Veracode
added 2022/01/20 4:41 a.m. | 19 views

Cross-Site Scripting (XSS)

orchardcore is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before outputting them to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...

CVSS 5.4 | AI score 5.3 | EPSS 0.00195
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2022/01/06 8:50 a.m. | 8 views

CVE-2021-36739 XSS vulnerability in the MVCBean JSP portlet maven archetype

The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks...

AI score 5.9 | EPSS 0.0601
Exploits 0 | References 1

CNVD
added 2021/12/23 12:00 a.m. | 13 views

Unspecified Vulnerability in BlogCMS

BlogCMS is a PHP and MySQL based blogging system by the individual developer Pramod Mahato in India. A security vulnerability exists in BlogCMS v1.0, which originates from the /controller/CommentAdminController.java component. The vulnerability can be exploited by an attacker to perform cross-sit...

CVSS 6.1 | AI score 6 | EPSS 0.00307
Exploits 1 | References 1

WPVulnDB
added 2021/11/15 12:00 a.m. | 13 views

Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Data ID setting of the plugin...

CVSS 4.8 | AI score 2.2 | EPSS 0.03035
Exploits 5 | Affected Software 1

WPVulnDB
added 2021/11/09 12:00 a.m. | 23 views

Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. PoC: As a contributor, create a custom field in a post, with the following payload: Then add the following shortcode to the...

CVSS 5.4 | AI score 5.1 | EPSS 0.00295
Exploits 2 | Affected Software 1

Prion
added 2021/11/08 6:15 p.m. | 19 views

Cross site scripting

The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 3.5 | AI score 4.8 | EPSS 0.00206
Exploits 2 | References 2 | Affected Software 1

WPVulnDB
added 2021/09/20 12:00 a.m. | 13 views

Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC...

CVSS 5.4 | AI score 2.5 | EPSS 0.0018
Exploits 2 | Affected Software 1

WPVulnDB
added 2021/09/20 12:00 a.m. | 24 views

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. PoC: When adding new courses, the following fields can have XSS payloads like "...

CVSS 4.8 | AI score 1.9 | EPSS 0.00206
Exploits 2 | Affected Software 1

WPVulnDB
added 2021/08/23 12:00 a.m. | 18 views

Post Views Counter < 1.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Post Views Label settings of the plugin...

CVSS 4.8 | AI score 1.4 | EPSS 0.00206
Exploits 2 | Affected Software 1

CNVD
added 2021/04/09 12:00 a.m. | 7 views

Nagios Network Analyzer Self-XSS Vulnerability

Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A Self-XSS vulnerability exists in Nagios Network Analyzer versions prior to 2.4.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via...

CVSS 6.1 | AI score 6 | EPSS 0.52415
Exploits 1 | References 1