12 matches found
CVE-2022-0600
The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...
EUVD-2015-9189
Malware in sbrugna...
EUVD-2024-17535
Malicious code in bioql PyPI...
EUVD-2024-33340
Malicious code in bioql PyPI...
CVE-2024-6072
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2021-24697
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1 sdmactivetab GET parameter and 2 sdmstatsstartdate/sdmstatsenddate POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2025-39567 WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through = 1.7.8...
CVE-2025-32116 WordPress QR Master plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Studi7 QR Master allows Reflected XSS. This issue affects QR Master: from n/a through 1.0.5...
CVE-2024-13839
The CVE-2024-13839 entry concerns the Staff Directory Plugin: Company Directory (WordPress). It describes a Reflected Cross-Site Scripting vulnerability caused by insufficient escaping in add_query_arg, affecting all versions up to 4.3. The impact is unauthenticated injection of web scripts in pa...
CVE-2025-23526 WordPress Swift Calendar Online Appointment Scheduling plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SwiftCloud Swift Calendar Online Appointment Scheduling online-appointment-scheduling-software allows Reflected XSS.This issue affects Swift Calendar Online Appointment Scheduling: from n/a through...
CVE-2024-12586
CVE-2024-12586 affects Chalet-Montagne.com Tools WordPress plugin (
CVE-2024-13352
The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...