5210 matches found

NVD
added 2024/11/20 5:15 a.m. | 8 views

CVE-2024-11278

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 6.1 | EPSS 0.01684
Exploits: 0 | References: 3

Cvelist
added 2024/11/20 4:31 a.m. | 12 views

CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 6.1 | EPSS 0.01684
Exploits: 0 | References: 3

Vulnrichment
added 2024/11/20 12:00 a.m. | 14 views

CVE-2024-52701

A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...

AI score 5.4 | EPSS 0.00914
Exploits: 1 | References: 1

CVE
added 2024/11/20 12:00 a.m. | 50 views

CVE-2024-48535

CVE-2024-48535 describes a stored XSS vulnerability in eSoft Planner 3.24.08271-USA where an attacker can inject arbitrary web scripts/HTML via the Name parameter. Multiple sources (NVD, Red Hat, CNNVD, CVE listing, and related enrichments) confirm the same issue, classed as a stored XSS. The ava...

CVSS 5.4 | AI score 5.6 | EPSS 0.00169
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/20 12:00 a.m. | 11 views

CVE-2024-52702

A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set ...

EPSS 0.0101
Exploits: 1 | References: 2

CVE
added 2024/11/20 12:00 a.m. | 54 views

CVE-2024-52702

CVE-2024-52702 affects MyBB v1.8.38 (install/index.php) with a stored XSS via the Website Name parameter. Multiple sources (NVD/NVD mirrors, Red Hat, CNVD/CNNVD, OpenVAS) confirm the vulnerability in the install/index.php component; exploit details are not elaborated beyond XSS. Root cause points...

CVSS 5.4 | AI score 5.1 | EPSS 0.0101
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/20 12:00 a.m. | 10 views

CVE-2024-48535

A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

AI score 5.4 | EPSS 0.00169
Exploits: 1 | References: 1

CVE
added 2024/11/20 12:00 a.m. | 67 views

CVE-2024-52701

CVE-2024-52701 is a stored XSS in Piwigo v14.5.0 (Configuration page) where a crafted payload inserted into the Page banner parameter can execute arbitrary scripts/HTML in a victim’s browser. Affected software: Piwigo 14.5.0; impact is browser-based script execution with low integrity/confidentia...

CVSS 5.4 | AI score 5.6 | EPSS 0.00914
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/20 12:00 a.m. | 9 views

CVE-2024-48535

A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

EPSS 0.00169
Exploits: 1 | References: 1

Cvelist
added 2024/11/20 12:00 a.m. | 16 views

CVE-2024-52701

A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...

EPSS 0.00914
Exploits: 1 | References: 1

NVD
added 2024/11/19 10:15 p.m. | 21 views

CVE-2024-11400

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | EPSS 0.01598
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/19 9:31 p.m. | 12 views

CVE-2024-11400 HUSKY – Products Filter for WooCommerce <= 1.3.6.3 - Reflected Cross-Site Scripting via really_curr_tax Parameter

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | AI score 6.4 | EPSS 0.01598
Exploits: 0 | References: 2

OSV
added 2024/11/19 9:15 p.m. | 12 views

CVE-2024-52763

A cross-site scripting (XSS) vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...

CVSS 5.4 | AI score 5.6
Exploits: 0 | References: 1

NVD
added 2024/11/19 9:15 p.m. | 19 views

CVE-2024-52763

A cross-site scripting (XSS) vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...

CVSS 5.4 | EPSS 0.00602
Exploits: 1 | References: 1

OSV
added 2024/11/19 9:15 p.m. | 10 views

CVE-2024-52762

A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter...

CVSS 5.4 | AI score 5.6
Exploits: 0 | References: 1

NVD
added 2024/11/19 1:15 p.m. | 14 views

CVE-2024-9777

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVSS 6.1 | EPSS 0.0261
Exploits: 0 | References: 5

CVE
added 2024/11/19 12:45 p.m. | 45 views

CVE-2024-9777

CVE-2024-9777 (Ashe theme for WordPress) is a Reflected Cross‑Site Scripting issue caused by insufficient escaping of add_query_arg usage in all versions up to 2.243. The vulnerability allows unauthenticated attackers to inject scripts into pages that execute when a user is enticed to perform an ...

CVSS 6.1 | AI score 6 | EPSS 0.0261
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/11/19 12:45 p.m. | 25 views

CVE-2024-9777 Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVSS 6.1 | AI score 6.4 | EPSS 0.0261
Exploits: 0 | References: 5

Cvelist
added 2024/11/19 12:45 p.m. | 13 views

CVE-2024-9777 Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVSS 6.1 | EPSS 0.0261
Exploits: 0 | References: 5

Vulnrichment
added 2024/11/19 12:45 p.m. | 17 views

CVE-2024-9830 Bard <= 2.216 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVSS 6.1 | AI score 6.4 | EPSS 0.0261
Exploits: 0 | References: 5