5210 matches found

Cvelist
added 2024/04/15 12:0 a.m., 16 views

CVE-2024-31649

A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

AI score: 6, EPSS: 0.00142
Exploits: 1, References: 1

WPVulnDB
added 2024/04/15 12:0 a.m., 11 views

Tainacan Interface < 2.7.2 - Reflected Cross-Site Scripting

Description: The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

CVSS: 6.1, AI score: 6.4, EPSS: 0.22718
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/04/15 12:0 a.m., 10 views

CVE-2024-31651

A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...

AI score: 6.2, EPSS: 0.00152
Exploits: 1, References: 1

CVE
added 2024/04/15 12:0 a.m., 45 views

CVE-2024-31652

Cosmetics and Beauty Product Online Store (version 1.0) has a cross-site scripting (XSS) vulnerability exploitable via a crafted payload in the Search parameter. Affected component: the Search input handling in the web app. Root cause: reflected XSS allowing arbitrary web scripts/HTML to execute ...

CVSS: 6.1, AI score: 6, EPSS: 0.00199
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/04/15 12:0 a.m., 9 views

CVE-2024-31652

A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

AI score: 6.2, EPSS: 0.00199
Exploits: 1, References: 1

WPVulnDB
added 2024/04/12 12:0 a.m., 14 views

Royal Elementor Addons < 1.3.95 - Contributor+ Stored Cross-Site Scripting

Description: The plugin is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00139
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/04/12 12:0 a.m., 15 views

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.9 - Contributor+ Stored Cross-Site Scripting via Block Attributes

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00168
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2024/04/11 5:15 a.m., 9 views

CVE-2024-30880

A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...

CVSS: 5.4, AI score: 5.7, EPSS: 0.001
Exploits: 1, References: 1

NVD
added 2024/04/11 5:15 a.m., 9 views

CVE-2024-30878

A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter...

CVSS: 6.1, AI score: 5.7, EPSS: 0.00114
Exploits: 1, References: 1

NVD
added 2024/04/11 5:15 a.m., 8 views

CVE-2024-30883

A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...

CVSS: 4.7, AI score: 5.7, EPSS: 0.00095
Exploits: 1, References: 1

CVE
added 2024/04/11 1:51 a.m., 82 views

CVE-2023-6811

CVE-2023-6811 affects the Language Translate Widget for WordPress – ConveyThis plugin. The vulnerability is a stored cross-site scripting (XSS) via the api_key parameter in all versions up to 223, caused by insufficient input sanitization and output escaping. Exploitation by unauthenticated users...

CVSS: 7.2, AI score: 6, EPSS: 0.0119
Exploits: 0, References: 2

WPVulnDB
added 2024/04/11 12:0 a.m., 20 views

WebinarPress < 1.33.10 - Reflected Cross-Site Scripting

Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.33.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS: 7.1, AI score: 6.3, EPSS: 0.00152
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2024/04/11 12:0 a.m., 56 views

CVE-2024-30880

CVE-2024-30880 maps to a reflected XSS in RageFrame2 v2.6.43. The issue arises in the image cropping function, where a crafted payload is injected via the multiple parameter, enabling remote execution of web scripts and potential leakage of sensitive information. Multiple connected sources (NVD, ...

CVSS: 5.4, AI score: 6, EPSS: 0.001
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/04/11 12:0 a.m., 9 views

CVE-2024-30883

A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...

AI score: 5.9, EPSS: 0.00095
Exploits: 1, References: 1

Cvelist
added 2024/04/11 12:0 a.m., 11 views

CVE-2024-30879

A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...

AI score: 5.9, EPSS: 0.00107
Exploits: 1, References: 1

Cvelist
added 2024/04/11 12:0 a.m., 16 views

CVE-2024-30878

A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter...

AI score: 5.9, EPSS: 0.00114
Exploits: 1, References: 1

Vulnrichment
added 2024/04/11 12:0 a.m., 11 views

CVE-2024-30878

A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter...

AI score: 5.9, EPSS: 0.00114
Exploits: 1, References: 1

CVE
added 2024/04/11 12:0 a.m., 62 views

CVE-2024-30878

RageFrame2 v2.6.43 is described as vulnerable to a cross-site scripting (XSS) flaw that allows remote attackers to execute arbitrary web scripts or HTML and potentially obtain sensitive information via a crafted payload injected into the upload_drive parameter. The cited sources (including Red Ha...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00114
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/04/11 12:0 a.m., 12 views

CVE-2024-30883

A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...

AI score: 5.9, EPSS: 0.00095
Exploits: 1, References: 1

Cvelist
added 2024/04/11 12:0 a.m., 13 views

CVE-2024-30880

A reflected cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...

AI score: 5.9, EPSS: 0.001
Exploits: 1, References: 1