5210 matches found
Cross site scripting
A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter...
CVE-2023-49488
Structured Content < 1.6 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Adifier (Premium Theme) < 3.1.4 - Reflected Cross-Site Scripting
Description The Adifier Premium Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Currency Converter Calculator < 1.3.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...
MyTube PlayList <= 2.0.3 - Reflected Cross-Site Scripting via addplaylistid
Description The MyTube PlayList plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘addplaylistid’ parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
10to8 Online Appointment Booking System < 1.1.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting
Description The HDW Player Plugin (Video Player & Video Gallery) plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PowerPack Pro for Elementor < 2.9.24 - Reflected Cross-Site Scripting
Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
BrainCert – HTML5 Virtual Classroom <= 2.0 - Reflected Cross-Site Scripting
Description The BrainCert – HTML5 Virtual Classroom plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WP Pocket URLs <= 1.0.2 - Reflected Cross-Site Scripting
Description The WP Pocket URLs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
File Gallery <= 1.8.5.4 - Reflected Cross-Site Scripting via post_id
Description The File Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post_id’ parameter in versions up to, and including, 1.8.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
affiliate-toolkit – WordPress Affiliate Plugin < 3.4.4 - Reflected Cross-Site Scripting via keyword
Description The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the keyword parameter in versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-6527 Email Subscription Popup <= 1.2.18 - Reflected Cross-Site Scripting
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-48940
A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Design/Logic Flaw
The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2023-5137
CVE-2023-5137 affects the Simply Excerpts WordPress plugin (
MISP Security Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. Cross-site scripting vulnerability exists in versions prior to MISP 2.4.179. The...