5210 matches found
CVE-2022-2518 Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockistsettingsmain function. This makes it possible for unauthenticated attackers to modify the plugin...
CVE-2022-36639
A stored cross-site scripting XSS vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
CVE-2022-36600
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
Cross site scripting
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
GHSA-Q6H8-QJJC-J8CG Pagekit CMS cross-site scripting in Markdown text box where articles are edited
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
CVE-2022-36573
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
CVE-2022-36573
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
Cross site scripting
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
CVE-2022-36573
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
CVE-2022-36548
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
Cross site scripting
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting XSS vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field...
Cross site scripting
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
CVE-2022-36548
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
Jfinal Cross-site Scripting vulnerability
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
Design/Logic Flaw
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
Fortinet FortiOS Cross Site Scripting (CVE-2018-13380)
A cross site scripting vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
GHSA-4M2G-668V-JWJX Cross site scripting in getkirby/starterkit
A stored cross-site scripting XSS vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field...