5210 matches found
CVE-2024-42818
A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-44796
A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...
CVE-2024-44797
A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter...
CVE-2024-42816
The CVE-2024-42816 issue affects fastapi-admin pro v0.1.4, where the Create Product function is vulnerable to Cross‑Site Scripting (XSS) through a crafted payload in the Product Name parameter. Multiple sources (NVD, Red Hat, Veracode, GHSA) describe that insufficient validation/sanitization of P...
CVE-2024-44793
A cross-site scripting (XSS) vulnerability in the component /managers/multiplefreeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter...
CVE-2024-44797
Summary: CVE-2024-44797 is a cross-site scripting (XSS) vulnerability in Gazelle’s /managers/enable_requests.php (commit 63b3370). An attacker can inject arbitrary web scripts or HTML via the view parameter. Affected component is within Gazelle, a web framework for private BitTorrent trackers. Th...
CVE-2024-42816
A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987
CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...
CVE-2024-7778
CVE-2024-7778 affects Orbit Fox by ThemeIsle for WordPress. It is a Stored XSS via SVG file uploads in all versions up to and including 2.10.36 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author level or higher, and injected scripts ex...
CVE-2024-42550
A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2024-6339 Phlox PRO <= 5.16.4 - Reflected Cross-Site Scripting via Search Parameters
The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-7090 LH Add Media From Url <= 1.23 - Reflected Cross-Site Scripting
The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lhaddmediafromurl-fileurl’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2024-6767
The CVE-2024-6767 entry concerns WordSurvey for WordPress and describes a Stored Cross-Site Scripting (XSS) vulnerability via the sounding_title parameter in all versions up to and including 3.2. Authenticated attackers with administrator-level access can inject scripts that execute when users lo...
CVE-2024-7134 LiquidPoll <= 3.3.78 - Unauthenticated Stored Cross-Site Scripting via form_data Parameter
The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. This makes it possible for...