5210 matches found
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page...
Cross-site Scripting in Jfinal CMS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manageaccount of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields...
Design/Logic Flaw
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
Malicious Package
Overview web-scripts-monorepo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in web-scripts-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42d2a82508d83227e172fae45ff15eb9a366f79d518d84ef65b1620dbe7b7d67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7075 Malicious code in web-scripts-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42d2a82508d83227e172fae45ff15eb9a366f79d518d84ef65b1620dbe7b7d67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-31298
A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
Cross site scripting
A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
Cross site scripting
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
CVE-2022-31300
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
WordPress ToolBar to Share plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress ToolBar to Share plugin version 2.0 and prior versions are vulnerable to cross-site request forgery...
WordPress plugin Copify cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. A cross-site request forgery vulnerability exists in the WordPress plugin Copify 1.3.0 and prior versions, which stems from a lack of random number validation on the CopifySettings page. An attacker could exploit this...
Cross site scripting
The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Cross site request forgery (csrf)
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...
Cross site scripting
The Google Tag Manager for WordPress GTM4WP plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the /public/frontend.php file which allowed attackers with administrative user access to inject arbitrary web...
Cross site request forgery (csrf)
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the adminupdatedata function. This makes it possible for unauthenticated attackers to inject malicious...
CVE-2022-31400
A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...
CVE-2022-1969 Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the adminupdatedata function. This makes it possible for unauthenticated attackers to inject malicious...
CVE-2022-1822
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...