175 matches found
CVE-2021-24275
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24276
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24274
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24234
The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to...
RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)
RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...
CVE-2015-9410
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter...
PT-2019-7369 · Blubrry · Blubrry Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress Podcasting plugin version 6.0.4 Description: The issue is related to a cross-site scripting XSS vulnerability. It occurs via the tab parameter. There is no information provided about the estimated number of potentially...
PT-2019-13826 · Woo Variation Swatches · Woo-Variation-Swatches
Name of the Vulnerable Software and Affected Versions: Woo-variation-swatches plugin version 1.0.61 Description: The issue allows for XSS via the "tab" parameter in the 'wp-admin/admin.php?page=woo-variation-swatches-settings' endpoint. Recommendations: For version 1.0.61, consider disabling acce...
idreamsoft iCMS Cross-Site Scripting Vulnerability (CNVD-2019-12120)
iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site scripting vulnerability exists in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14, which can be exploited by an attacker via the admincp.php?app=config tab parameter...
CVE-2018-17947
The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter...
CVE-2018-9034
Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...
CVE-2018-9034
Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...
CVE-2018-9034
CVE-2018-9034 affects the WordPress Relevanssi plugin, specifically version 4.0.4 (and possibly earlier). The vulnerability is a Reflected XSS in lib/interface.php where the GET parameter tab is read and echoed into HTML without proper escaping, allowing an attacker to inject arbitrary JavaScript...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
WordPress PopCash.Net Code Integration Tool plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . PopCash.Net Code Integration Tool plugin is used in one of the code integration tool . A cross-site scripting...
CVE-2017-15810
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php...
CVE-2017-15810
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php...
Piwigo Remote File Inclusion Vulnerability
Piwigo is a photo album script written in PHP. A security vulnerability exists in the admin/languages.php implementation in versions prior to Piwigo 2.8.3, where a remote administrator user passes the tab parameter and the executable file contains an attack...
CVE-2016-10085
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter...