5210 matches found
CVE-2024-53563
A stored cross-site scripting XSS vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2025-22996
A stored cross-site scripting XSS vulnerability in the spftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...
CVE-2025-22997
A stored cross-site scripting XSS vulnerability in the prftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...
CVE-2025-22997
A stored cross-site scripting XSS vulnerability in the prftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...
Linksys E5600 安全漏洞
Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A security vulnerability exists in Linksys E5600 Ver.1.1.0.26. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the desc parameter...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of user input, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-11892
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordionslider' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12407 Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-12304
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2024-12285
The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2024-12819
CVE-2024-12819 affects the WordPress Searchie plugin up to version 1.17.0. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin shortcode sio_embed_media, caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: authenticated attackers ...
CVE-2024-11686 WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting
The WhatsApp 🚀 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontactscode' parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
REDCap 安全漏洞
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6. An attacker can exploit the vulnerability to execute arbitrary web scripts...
REDCap 安全漏洞
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6. An attacker can exploit the vulnerability to execute arbitrary web scripts...
CVE-2024-42898
CVE-2024-42898 affects Nagios XI 2024R1.1.4 with a cross-site scripting (XSS) vulnerability exposed via the Name field on Account Settings. The root cause is lack of input validation allowing arbitrary web scripts/HTML execution. Red Hat and multiple feeds corroborate the XSS issue; exploit detai...
CVE-2024-12852
CVE-2024-12852 refers to a stored XSS vulnerability in the Happy Addons for Elementor plugin for WordPress, exploitable via the ha_cmc_text parameter in the Happy Mouse Cursor. The issue affects all versions up to 3.15.1 and arises from insufficient input sanitization and output escaping. This al...
CVE-2024-12205
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-9354 Estatik Mortgage Calculator <= 2.0.11 - Reflected Cross-Site Scripting
The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'color' parameter in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9702
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-12633
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for...