CVE-2024-44851
Summary: CVE-2024-44851 is a stored XSS in Perfex CRM v1.1.0. The vulnerability resides in the Discussion section, where a crafted payload placed into the Content parameter can trigger script/HTML execution in browsers that view the page. Sources consistently identify the affected software as Per...
CVE-2024-44573
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-44851
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...
CVE-2024-44573
CVE-2024-44573 describes a stored XSS in the VLAN configuration of RELY-PCIe, affecting versions 22.2.1 through 23.1.0. The underlying issue is a stored payload that allows attackers to run arbitrary web scripts or HTML in the context of the device’s web interface. Documented impacts include ...
CVE-2024-7655
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-7655
CVE-2024-7655 affects the WordPress plugin Community by PeepSo – Social Network, Membership, Registration, User Profiles, up to and including version 6.4.5.0. The issue is Stored Cross-Site Scripting caused by insufficient input sanitization and output escaping, exploitable by authenticated attac...
CVE-2024-7655 Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-1596
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2024-7599 Advanced Sermons <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermonvideoembed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-44837
A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter...
CVE-2022-3556
The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...
CVE-2024-6894 RD Station <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-6894
RD Station plugin for WordPress ≤ 5.3.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping of post metaboxes. This allows authenticated attackers with Contributor+ privileges to inject arbitrary scripts that execute when ...
CVE-2024-8363 Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-8119
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2024-8117 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-42904
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...