CVE-2024-32342
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...
CVE-2024-32338
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...
CVE-2024-32345
CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...
CVE-2024-32343
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...
CVE-2024-32339
WonderCMS v3.4.3 has multiple XSS vulnerabilities on the HOW TO page. The flaws arise from insufficient input filtering/escaping on the HOW TO page, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into parameters. Per sources, this can lead to theft of cookie-based ...
CVE-2024-32746
CVE-2024-32746 describes an XSS vulnerability in WonderCMS v3.4.3 within the Settings section, exploitable via a crafted payload injected into the MENU parameter under the Menu module. Affected software is WonderCMS 3.4.3; impact is arbitrary script/HTML execution in the user’s browser. Core deta...
CVE-2024-32342
Boid CMS v2.1.0 is affected by an XSS in the Create Page, exploitable via a crafted payload to the Permalink parameter. The vulnerability arises from improper handling of input in the Create Page flow, allowing attackers to execute arbitrary scripts/HTML in the context of users viewing the affect...
CVE-2024-30952
A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...
CVE-2024-32340
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module...
CVE-2024-30952
PESCMS-TEAM v2.3.6 contains a stored XSS vulnerability exploitable via a crafted payload in the domain input field at /youdoamin/?g=Team&m=Setting&a=action. Affected component: domain input handling in the API endpoint; impact: execution of arbitrary web scripts/HTML. Some sources mention a tempo...
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
CVE-2024-32343
Boid CMS v2.1.0 has an XSS vulnerability in the Create Page, exploitable by injecting a crafted payload into the Content parameter. The issue is documented across multiple sources with no explicit exploitation details provided and a CVSS v3.1 base score of 6.1 (MEDIUM), requiring user interaction...
CVE-2024-32344
CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...
EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting
Description: The EZ Form Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.14.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
HT Mega < 2.4.7 - Contributor+ Stored XSS via size
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to...
CVE-2024-32744
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...
CVE-2024-32745
CVE-2024-32745 is an XSS vulnerability in WonderCMS v3.4.3. The issue stems from lack of proper filtering/escaping in the PAGE DESCRIPTION parameter of the CURRENT PAGE module under Settings, allowing an attacker to inject arbitrary web scripts or HTML. Public references consistently describe the...
CVE-2024-32341
CVE-2024-32341 affects WonderCMS v3.4.3, specifically the Home page. The vulnerability is described as multiple XSS flaws that allow an attacker to inject arbitrary web scripts or HTML via crafted payloads into parameters, as noted across multiple sources. Some connected documents describe the im...
CVE-2024-32745
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...