Cross site scripting

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the /inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21...

CVE-2022-1187 WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the /inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21...

Cross site scripting

A reflected cross-site scripting XSS vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL...

Newbee-Mall Cross-Site Scripting Vulnerability

Newbee-Mall is an e-commerce system. Newbee-Mall v1.0.0 contains a security vulnerability that could be exploited by attackers to execute arbitrary Web scripts or HTML via the goodsName parameter of /admin/goods/update...

Cross site scripting

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

CVE-2022-27476

A cross-site scripting XSS vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter...

Cross site scripting

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability via viewallcomments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...

CVE-2022-27348

Social Codia SMS v1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...

CVE-2022-27063

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability via viewallcomments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...

CVE-2022-27062

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...

CVE-2022-27436

A cross-site scripting XSS vulnerability in /public/admin/index.php?adduser at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field...

CVE-2022-26565

A cross-site scripting XSS vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page...

Cross site scripting

A cross-site scripting XSS vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page...

CVE-2022-26565

A cross-site scripting XSS vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page...

Cross site scripting

A stored cross-site scripting XSS vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field...

Spotweb Cross-Site Scripting Vulnerability (CNVD-2022-34641)

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team.Spotweb is vulnerable to cross-site scripting, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML via the dataperformredirect parameter...

CVE-2022-25574

A stored cross-site scripting XSS vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...

CVE-2022-25574

A stored cross-site scripting XSS vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...