CVE-2023-6645 Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2023-4962 Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'videopopup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-6624 Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6781 Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. This makes it possible for authenticated...
CVE-2023-6684 Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attributes. This makes it possib...
PHPJabbers Cinema Booking System 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Cinema Booking System v1.0 - Reflected Cross-Site Scripting Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cinema-booking-system/sectionDemo Version: v1.0...
CVE-2020-26628
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile...
Formidable Forms < 6.7.1 - Admin+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Cross site scripting
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Gila CMS Area Parameter SQL Injection Vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in Gila CMS 1.15.4 and earlier versions, which stems from the application's lack of validation of externally entered SQL statements. The vulnerability can be exploited by a remote...
CVE-2023-6801
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes ...
Back Button Widget < 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Back Button Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Uncode Core < 2.8.7 - Reflected Cross-Site Scripting
Description The uncode-core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
Google Photos Gallery with Shortcodes < 4.0.3 - Reflected Cross-Site Scripting
Description The Google Photos Gallery with Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
Impreza < 8.18 - Reflected Cross-Site Scripting
Description The Impreza – WordPress Website and WooCommerce Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 8.17.4 due to insufficient input sanitization and output escaping. This makes it possible for...
SQL Injection
gilacms/gila is vulnerable to SQL Injection. The vulnerability is due to improper userid parameter sanitization within the login portal, which allows an attacker to execute arbitrary web scripts which results in SQL injection...
SQL Injection
gilacms/gila is vulnerable to SQL Injection. The vulnerability is due to improper ID parameter sanitization within the login portal endpoint, which allows an attacker to execute arbitrary web scripts resulting in SQL injection...