1119470 matches found
PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...
FortiWeb - Cross Site Scripting
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...
WordPress BackupBuddy <8.8.3 - Cross Site Scripting
WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected...
Juniper Web Device Manager - Cross-Site Scripting
Juniper Web Device Manager J-Web in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal...
WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...
WordPress E2Pdf <1.16.45 - Cross-Site Scripting
WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...
ZEROF Web Server 2.0 - Cross-Site Scripting
ZEROF Web Server 2.0 allows /admin.back cross-site scripting. id: CVE-2022-25323 info: name: ZEROF Web Server 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. impact: | Successful exploitation of this...
WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
The plugin was affected by a reflected cross-site scripting vulnerability in the wooce admin page. id: CVE-2022-0149 info: name: WooCommerce Stored Exporter WordPress Plugin 2.7.1 - Cross-Site Scripting author: dhiyaneshDk severity: medium description: The plugin was affected by a reflected...
WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution
WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/loginprocess 'username' parameter via GET, whereby no authentication is required. id: CVE-2022-28363 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: Akincibor severity: medi...
WordPress Events Calendar <1.4.5 - Cross-Site Scripting
WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...
WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php. id: CVE-2021-24498 info: name: WordPress...
WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ctcommunity parameter in its search listing page before outputting it back. id: CVE-2021-24387 info: name: WordPress Pro Real Estate 7 Theme 3.1.1 - Cross-Site...
Apereo CAS Cross-Site Scripting
Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints. id: CVE-2021-42567 info: name: Apereo CAS Cross-Site Scripting author: pdteam severity: medium description: Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the RES...
Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response i...
Jenzabar 9.2x-9.2.2 - Cross-Site Scripting
Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query. id: CVE-2021-26723 info: name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting author: pikpikcu severity: medium description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting...
WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting
The plugin is affected by a cross-site scripting vulnerability within the "visibility" parameter. id: CVE-2021-25055 info: name: WordPress FeedWordPress 2022.0123 - Authenticated Cross-Site Scripting author: DhiyaneshDK severity: medium description: | The plugin is affected by a cross-site...
Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect
Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 contain a reflected XSS and open redirect caused by insufficient sanitization of the redirect URI in the LTI authorization endpoint, letting attackers execute scripts or redirect users maliciously, exploit requires crafted URL with...
Fortinet FortiMail 7.0.1 - Cross-Site Scripting
A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service. id: CVE-2021-43062 info: name: Fortinet FortiMail 7.0.1 - Cross-Site Scripting author: ajaysenr severity:...