115 matches found
CVE-2024-1723
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...
CVE-2024-57773
A cross-site scripting XSS vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-53599
A cross-site scripting XSS vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-27245
A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...
CVE-2022-28102
A cross-site scripting XSS vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php...
CVE-2022-45225
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the booktitle parameter...
CVE-2022-44947
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note fiel...
CVE-2022-34562
A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box...
CVE-2022-25022
A cross-site scripting XSS vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post...
CVE-2022-44390
A cross-site scripting XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field...
CVE-2021-34190
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...
CVE-2021-46558
Multiple cross-site scripting XSS vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...
CVE-2020-23618
A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...
CVE-2020-35984
A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter...
CVE-2020-35985
A stored cross site scripting XSS vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...
CVE-2020-36502
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself...
CVE-2020-21929
A stored cross site scripting XSS vulnerability in the webcopyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...
CVE-2020-20701
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-19950
A cross-site scripting XSS vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2024-53569
A stored cross-site scripting XSS vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter...