WordPress E2Pdf <1.16.45 - Cross-Site Scripting

WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...

WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting

WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page. id:...

WordPress White Label CMS <2.2.9 - Cross-Site Scripting

WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcmslogincustomjs parameter before outputting it back in the response while previewing. id: CVE-2022-0422 info: name: WordPress White Label CMS 2.2.9 -...

Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting

Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/mynotifications NEWUINAV parameter. id: CVE-2021-36450 info: name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting author: atomiczsec severity: medium description: Verint...

FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727. id: CVE-2021-39350 info: name: FV Flowplayer Video...

Bludit 3.13.1 - Cross Site Scripting

Cross Site Scripting XSS vulnerability exists in bludit 3-13-1 via the username in admin/login id: CVE-2021-35323 info: name: Bludit 3.13.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Cross Site Scripting XSS vulnerability exists in bludit 3-13-1 via the username in...

WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting

WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file, which allows attackers to inject arbitrary web scripts. id: CVE-2021-34643 info: name: WordPress Skaut Bazar 1.3.3 - Cross-Site...

BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting

BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML. id: CVE-2021-31589 info: name: BeyondTrust Secure Remote Access Base =6.0.1 - Cross-Site Scripting author: Ahmed Abou-Ela,r3Y3r53...

Clansphere CMS 2011.4 - Cross-Site Scripting

Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "language" parameter. id: CVE-2021-27310 info: name: Clansphere CMS 2011.4 - Cross-Site Scripting author: alph4byt3 severity: medium description: Clansphere CMS 2011.4 contains an unauthenticate...

WordPress WooCommerce <1.13.22 - Cross-Site Scripting

WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter. id: CVE-2021-24300 info: name: WordPress WooCommerce 1.13.22 - Cross-Site Scripting author: cckuailong...

WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting

WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute. id: CVE-2021-24276 info: name: WordPress Supsystic Contact Form 1.7.15 - Cross-Site Scripting autho...

Advantech R-SeeNet 2.4.12 - Cross-Site Scripting

Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the sshform.php script functionality. id: CVE-2021-21800 info: name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting author: arafatansari severity: medium description: | Advantech R-SeeNet 2.4.12 contains a...

Aryanic HighMail (High CMS) - Cross-Site Scripting

A cross-site scripting vulnerability in Aryanic HighMail High CMS versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. id: CVE-2020-23517 info: name: Aryanic HighMail High CMS - Cross-Site Scripting author: geeknik severity: medium...

Apache OFBiz 17.12.03 - Cross-Site Scripting

Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request. id: CVE-2020-9496 info: name: Apache OFBiz 17.12.03 - Cross-Site Scripting author: dwisiswant0 severity: medium description: Apache OFBiz 17.12.03 contains cross-site scripting a...

McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting

McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-site scripting vulnerability that allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. reference: -...

WordPress 15Zine <3.3.0 - Cross-Site Scripting

WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cbsa AJAX action. id: CVE-2020-36510 info: name: WordPress 15Zine 3.3.0 - Cross-Site Scripting author: veshraj...

PHPGurukul Hospital Management System - Cross-Site Scripting

PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-5191 info: name: PHPGurukul Hospital Management System -...

twitter-server Cross-Site Scripting

twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala. id: CVE-2020-35774 info: name: twitter-server Cross-Site...

PacsOne Server <7.1.1 - Cross-Site Scripting

PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting. id: CVE-2020-29164 info: name: PacsOne Server 7.1.1 - Cross-Site Scripting author: geeknik severity: medium description: PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting...

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting

Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. id: CVE-2020-29395 info: name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is...