
5210 matches found

OSV
added 2024/09/03 6:15 p.m., 12 views

CVE-2024-42904

A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

CVSS 6.1, AI score 5.7, EPSS 0.00196
Exploits: 0, References: 3
NVD
added 2024/09/03 12:15 p.m., 16 views

CVE-2024-44920

A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter...

CVSS 6.1, EPSS 0.00286
Exploits: 1, References: 1
Cvelist
added 2024/09/03 12:00 a.m., 14 views

CVE-2024-42904

A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

EPSS 0.00196
Exploits: 0, References: 3
CVE
added 2024/09/03 12:00 a.m., 44 views

CVE-2024-44920

CVE-2024-44920 is a documented cross-site scripting (XSS) vulnerability in SeaCMS v12.9, affecting the component admin_collect_news.php. The vulnerability can be triggered by injecting a crafted payload into the siteurl parameter, enabling attackers to execute arbitra...

CVSS 6.1, AI score 5.6, EPSS 0.00286
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2024/09/03 12:00 a.m., 10 views

CVE-2024-42904

A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

AI score 5.8, EPSS 0.00196
Exploits: 0, References: 3
CVE
added 2024/09/03 12:00 a.m., 83 views

CVE-2024-42904

CVE-2024-42904 affects SysPass 3.2.x. A cross-site scripting (XSS) vulnerability exists where attackers can inject arbitrary web scripts/HTML via the name parameter at /Controllers/ClientController.php. Reports from Red Hat, NVD, OSV, CNNVD and CVE/CVE-list entries confirm the same issue. The ava...

CVSS 6.1, AI score 5.9, EPSS 0.00196
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2024/08/31 5:15 a.m., 19 views

CVE-2024-3886

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxcheckenvatocode function. This makes it possible for...

CVSS 6.1, EPSS 0.00969
Exploits: 0, References: 2
NVD
added 2024/08/31 5:15 a.m., 11 views

CVE-2024-5212

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVSS 6.1, EPSS 0.00843
Exploits: 0, References: 2
Vulnrichment
added 2024/08/31 4:29 a.m., 15 views

CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVSS 6.1, AI score 6.5, EPSS 0.00843
Exploits: 0, References: 2
Vulnrichment
added 2024/08/31 4:29 a.m., 15 views

CVE-2024-3886 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxcheckenvatocode function. This makes it possible for...

CVSS 6.1, AI score 6.5, EPSS 0.00969
Exploits: 0, References: 2
Cvelist
added 2024/08/31 4:29 a.m., 19 views

CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVSS 6.1, EPSS 0.00843
Exploits: 0, References: 2
NVD
added 2024/08/30 5:15 p.m., 19 views

CVE-2024-44918

A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 3.5, EPSS 0.0015
Exploits: 1, References: 1
NVD
added 2024/08/30 10:15 a.m., 11 views

CVE-2024-7122

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00475
Exploits: 0, References: 9
Cvelist
added 2024/08/30 9:29 a.m., 24 views

CVE-2024-8274 WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting

The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timelineobj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1, EPSS 0.03266
Exploits: 0, References: 3
NVD
added 2024/08/30 4:15 a.m., 12 views

CVE-2024-5024

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1, EPSS 0.01098
Exploits: 0, References: 2
CVE
added 2024/08/30 3:24 a.m., 48 views

CVE-2024-5024

CVE-2024-5024 concerns the MemberPress WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw that can be triggered via the mepr_screenname and mepr_key parameters in pages that trigger user actions. It affects all versions up to and including 1.11.29 (per the initial ...

CVSS 6.1, AI score 6.2, EPSS 0.01098
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2024/08/30 3:24 a.m., 11 views

CVE-2024-5024 MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1, AI score 6.4, EPSS 0.01098
Exploits: 0, References: 2
Cvelist
added 2024/08/30 3:24 a.m., 16 views

CVE-2024-5024 MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1, EPSS 0.01098
Exploits: 0, References: 2
Cvelist
added 2024/08/30 12:00 a.m., 15 views

CVE-2024-44918

A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

EPSS 0.0015
Exploits: 1, References: 1
CVE
added 2024/08/30 12:00 a.m., 48 views

CVE-2024-44918

CVE-2024-44918 is a cross-site scripting vulnerability in SeaCMS v12.9, affecting the component admin_datarelate.php. The issue allows attackers to run arbitrary web scripts or HTML via a crafted payload. The CVSS 3.1 base score is reported as 3.5 (Low) with network attack vector, low complexity...

CVSS 3.5, AI score 5.8, EPSS 0.0015
Exploits: 1, References: 1, Affected Software: 1