CVE-2024-7134
CVE-2024-7134 affects the LiquidPoll – Polls, Surveys, NPS and Feedback Reviews WordPress plugin. According to the CVE entry, all versions up to and including 3.3.78 are vulnerable to unauthenticated stored cross‑site scripting via the form_data parameter, due to insufficient input sanitization a...
CVE-2024-42939
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
CVE-2024-42550
A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2024-42550
CVE-2024-42550 is an XSS vulnerability in the Mini Inventory and Sales Management System, exploitable via the /email/welcome.php component (commit 18aa3d). The issue arises from injecting a crafted payload into the Title parameter, enabling execution of arbitrary scripts/HTML in a victim’s browse...
CVE-2024-42939
CVE-2024-42939 affects YZNCMS v1.4.2, specifically the /index/index.html component. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary web scripts or HTML via a crafted payload placed in the configured remarks text field. Public details confirm the ...
CVE-2024-35540
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-7850 BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bpsajaxfieldselector, bpsajaxtemplateoptions, and bpsajaxfieldrow functions. This makes it possible for...
PT-2024-30020 · Unknown · Blood Bank/Donation Management System
Name of the Vulnerable Software and Affected Versions: Blood Bank And Donation Management System (affected versions not specified). Description: A cross-site scripting (XSS) vulnerability in the component update_page_details.php allows attackers to execute arbitrary web scripts or HTML via a crafted...
CVE-2024-42560
A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter...
CVE-2024-42560
CVE-2024-42560 is an XSS vulnerability affecting Blood Bank And Donation Management System (component update_page_details.php). The issue arises in the Page Details parameter, enabling an attacker to inject and execute arbitrary web scripts or HTML. Documented across multiple feeds (NVD, Red Hat,...
CVE-2023-4604 Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post'
The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-4507 Admission AppManager <= 1.0.0 - Reflected Cross-Site Scripting
The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-7147 JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...