5 matches found
CVE-2024-9227
The CVE concerns the WordPress PowerPress Podcasting plugin by Blubrry (versions prior to 11.9.18). The issue is insufficient sanitization/escaping of certain podcast settings when adding a podcast, enabling Stored Cross-Site Scripting (XSS) attacks and affecting admin users, even with unfiltered...
CVE-2025-20147
The CVE-2025-20147 issue affects Cisco Catalyst SD-WAN Manager (vManage) web-based management interface. The root cause is improper sanitization of user input in the management UI, enabling an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on the affected sys...
GHSA-Q9Q2-3PPX-MWQF Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser
Impact Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILESCREATE can exploit these vulnerabilities to upload arbitrary Javascript code to the Graylog2 server,...
CVE-2024-10108
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
FortiManager and FortiAnalyzer - Multiple reflected XSS
Multiple improper neutralization of input during web page generation CWE-79 in FortiManager and FortiAnalyzer user interface may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious payload in GET parameters...