CVE-2023-37798

Vanderbilt REDCap 13.1.35 is affected by a stored XSS in the new project creation function, exploitable via the project title parameter. Root cause: insufficient input sanitization in the project title field leading to arbitrary script/HTML execution. Impact: potential arbitrary script execution ...

The vulnerability of the XWiki platform for creating collaborative web applications lies in authentication errors, which allow a malicious user to execute arbitrary web scripts with elevated privileges.

The vulnerability of the XWiki Platform lies in authentication errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary web scripts with elevated privileges...

CVE-2023-41601

Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

CVE-2023-4779

CVE-2023-4779 affects the WordPress plugin User Submitted Posts . The vulnerability is a stored XSS via the plugin’s [usp_gallery] shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., ‘before’). Impact: authenticated attackers with contributo...

Cross site scripting

The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpresssocialloginmeta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-4773 WordPress Social Login <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpresssocialloginmeta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-4719 Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the listtype parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web...

CVE-2023-34637

A stored cross-site scripting XSS vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal...

CVE-2023-34637

CVE-2023-34637 is a stored XSS in IsarNet AG IsarFlow v5.23 that allows an authenticated attacker to inject arbitrary web scripts via the dashboard title parameter in the IsarFlow Portal. The vulnerability is described as CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N with a base score of 5.4 (Me...

CSZ CMS 1.3.0 Cross Site Scripting

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (&#039;Photo URL&#039; and &#039;YouTube URL&#039; )

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' Date: 2023/08/18 CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Descriptio...

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin Gallery) Vulnerability

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS 1.3.0 is affected b...

Cross site scripting

The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2023-39714

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section...

CVE-2023-37830

A cross-site scripting XSS vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter...

CVE-2023-39714

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...