
5210 matches found

WPVulnDB
added 2023/10/27 12:0 a.m. | 21 views

Add Custom Body Class <= 1.4.1 - Contributor+ Stored Cross-Site Scripting

Description: The plugin does not properly escape the addcustombodyclass parameter before outputting it to the page, allowing users with the role of contributor or higher to inject arbitrary web scripts potentially targeting higher privileged users...

CVSS 6.4 | AI score 6.4 | EPSS 0.00229
Exploits: 0 | References: 1

Positive Technologies
added 2023/10/26 12:0 a.m. | 3 views

PT-2023-10708 · Abus · Abus Tvip Cameras

Name of the Vulnerable Software and Affected Versions: ABUS TVIP cameras (affected versions not specified). Description: An issue was discovered in certain ABUS TVIP cameras, where the CGI scripts allow remote attackers to execute code via system as root. There are several injection points in variou...

CVSS 9.8 | AI score 9.6 | EPSS 0.62193
Exploits: 1 | References: 6

NVD
added 2023/10/25 6:17 p.m. | 9 views

CVE-2023-5745

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 5.5 | AI score 5 | EPSS 0.00113
Exploits: 0 | References: 2

NVD
added 2023/10/25 6:17 p.m. | 13 views

CVE-2023-5085

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...

CVSS 6.4 | AI score 5.7 | EPSS 0.00127
Exploits: 0 | References: 2

Prion
added 2023/10/25 6:17 p.m. | 11 views

Cross site scripting

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 4.9 | AI score 5.4 | EPSS 0.00127
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/10/24 1:53 p.m. | 17 views

CVE-2023-5744 Very Simple Google Maps <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.8 | EPSS 0.00127
Exploits: 1 | References: 3

Cvelist
added 2023/10/24 1:53 p.m. | 15 views

CVE-2023-5740 Live Chat with Facebook Messenger <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVSS 6.4 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 3

Vulnrichment
added 2023/10/24 1:53 p.m. | 5 views

CVE-2023-5126 Delete Me <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugindeleteme' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 4.9 | AI score 6.8 | EPSS 0.00183
Exploits: 0 | References: 3

Cvelist
added 2023/10/24 1:52 p.m. | 16 views

CVE-2023-5745 Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 5.5 | AI score 5.2 | EPSS 0.00113
Exploits: 0 | References: 2

Cvelist
added 2023/10/24 1:52 p.m. | 13 views

CVE-2023-5127 WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 10

OpenVAS
added 2023/10/24 12:0 a.m. | 14 views

WordPress Modern Events Calendar Lite Plugin < 6.5.2 Multiple XSS Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webnus:moderneventscalendarlite"; ifdescription...

CVSS 4.8 | AI score 4.5 | EPSS 0.00288
Exploits: 2 | References: 2

NVD
added 2023/10/23 9:15 p.m. | 7 views

CVE-2023-37636

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

CVSS 5.4 | AI score 5.3 | EPSS 0.00084
Exploits: 1 | References: 1

Prion
added 2023/10/23 9:15 p.m. | 13 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

CVSS 4.9 | AI score 5.2 | EPSS 0.00084
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2023/10/23 8:15 p.m. | 10 views

CVE-2023-27148

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

CVSS 4.8 | AI score 4.9 | EPSS 0.00069
Exploits: 1 | References: 1

NVD
added 2023/10/23 8:15 p.m. | 13 views

CVE-2023-27149

A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list...

CVSS 4.8 | AI score 5 | EPSS 0.00069
Exploits: 1 | References: 1

OSV
added 2023/10/23 8:15 p.m. | 23 views

CVE-2023-27148

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

CVSS 4.8 | AI score 5.7 | EPSS 0.00069
Exploits: 1 | References: 1

Cvelist
added 2023/10/23 12:0 a.m. | 13 views

CVE-2023-27148

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

AI score 5.1 | EPSS 0.00069
Exploits: 1 | References: 1

Cvelist
added 2023/10/23 12:0 a.m. | 12 views

CVE-2023-37636

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

AI score 5.4 | EPSS 0.00084
Exploits: 1 | References: 1

Cvelist
added 2023/10/23 12:0 a.m. | 12 views

CVE-2023-27149

A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list...

AI score 5.1 | EPSS 0.00069
Exploits: 1 | References: 1

NVD
added 2023/10/21 8:15 a.m. | 17 views

CVE-2023-4635

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

CVSS 6.1 | AI score 6 | EPSS 0.01614
Exploits: 1 | References: 3