CVE-2023-37133

A stored cross-site scripting XSS vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37125

A stored cross-site scripting XSS vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37125

A stored cross-site scripting XSS vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37125

CVE-2023-37125 affects SEACMS v12.1, with a stored XSS in the Management Custom label module allowing crafted payloads to execute arbitrary client-side scripts. CVSSv3.1 base score 5.4 (Medium) with UI:R, Privileges: LOW, Attack Vector: Network. Connected sources confirm the affected component an...

CVE-2023-37124

A stored cross-site scripting XSS vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37132

A stored cross-site scripting XSS vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2020-23452

A cross-site scripting XSS vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...

CVE-2020-23452

A cross-site scripting XSS vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...

Cross site scripting

A cross-site scripting XSS vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...

WP Reroute Email < 1.5.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape input in the email subject, leading to potential Stored Cross-Site Scripting issues. This flaw allows the injection of arbitrary web scripts that are executed whenever an injected page is accessed...

CVE-2020-23452

A cross-site scripting XSS vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...

WP Mail Log < 1.1.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape email contents, leading to a potential Stored Cross-Site Scripting vulnerability. This issue allows for arbitrary web scripts to be injected into pages, which will execute when a user accesses an affected page...

CVE-2020-23452

A cross-site scripting XSS vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...

CVE-2023-22815

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...

CVE-2021-30203

A reflected cross-site scripting XSS vulnerability in the zero parameter of dzzoffice 2.02.1SCUTF8 allows attackers to execute arbitrary web scripts or HTML...

Cross site scripting

A reflected cross-site scripting XSS vulnerability in the zero parameter of dzzoffice 2.02.1SCUTF8 allows attackers to execute arbitrary web scripts or HTML...

Cross site scripting

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users...

CVE-2023-3411

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajaxstoresave function. This makes it possible for unauthenticated...

Cross site request forgery (csrf)

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajaxstoresave function. This makes it possible for unauthenticated...

CVE-2023-3412 Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajaxstoresave function. This makes it possible for authenticated...