1184 matches found
CVE-2021-24268
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...
CVE-2021-29661
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diagvalues.html Stored XSS via the ITEMLISTVALUESITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...
CVE-2021-24129
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting XSS vulnerabilities allowing low-privileged users Contributor+ to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...
CVE-2020-2292
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...
Cross site scripting
SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...
CVE-2020-13888
Kordil EDMS through 2.2.60rc3 allows stored XSS in usersedit.php, usersmanagementedit.php, and usermanagement.php...
CVE-2019-20768
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparmitemguid and sysid parameters in an Incident Request to servicecatalog.do...
CVE-2019-20714
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22,...
CVE-2020-11768
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30,...
CVE-2019-19500
Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software...
VulnCheck KEV: CVE-2019-17231
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues...
PT-2020-12622 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324 Description: The issue concerns stored XSS in certain files, specifically in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php, which is related to...
CVE-2019-19222
A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...
PT-2020-10101 · D Link · Dsl-2680
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2680 version EU 1.03 Description: A Stored XSS issue in the web administration interface allows an authenticated attacker to inject arbitrary JavaScript code into the administration page by sending a crafted "Forms/wireless...
CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the MyAccountPortlet fields such as First Name, Middle Name, and Last Name. A user can inject malicious scripts that persist within the database and are executed when other users view these modified fields...
PT-2018-14397 · Alchemycms · Alchemycms
Name of the Vulnerable Software and Affected Versions: AlchemyCMS version 4.1.0 Description: A Stored XSS issue has been found in AlchemyCMS via the "/admin/pictures" image field. The vendor disputes the validity of this report, stating that the researcher used an authorized cookie to access a...
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php...
CVE-2018-12992
An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface...
CVE-2018-9121
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment...