
5210 matches found

CNVD
added 2022/03/25 12:0 a.m. | 30 views

WordPress Amelia Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an application plugin for WordPress. WordPress Amelia Plugin 1.0.46 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the program's failure t...

CVSS 7.2 | AI score 1.9 | EPSS 0.00171
Exploits 0 | References 1

CNVD
added 2022/03/25 12:0 a.m. | 19 views

WordPress Ninja Forms-File Uploads Extension Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...

CVSS 7.2 | AI score 0.8 | EPSS 0.02022
Exploits 0 | References 1

Prion
added 2022/03/24 10:15 p.m. | 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...

CVSS 4.3 | AI score 6.1 | EPSS 0.0024
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/03/24 9:32 p.m. | 16 views

CVE-2022-25575

Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...

AI score 6.2 | EPSS 0.0024
Exploits 1 | References 1

CVE
added 2022/03/24 9:32 p.m. | 71 views

CVE-2022-25575

CVE-2022-25575 describes multiple cross-site scripting (XSS) vulnerabilities in the Parking Management System v1.0. The affected component is the web interface where attackers can inject scripts through crafted payloads into the username, password, and verification code (CAPTCHA) input fields. Th...

CVSS 6.1 | AI score 6 | EPSS 0.0024
Exploits 1 | References 1 | Affected Software 1

NVD
added 2022/03/23 8:15 p.m. | 11 views

CVE-2022-0750

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...

CVSS 6.4 | EPSS 0.00182
Exploits 3 | References 3

NVD
added 2022/03/23 8:15 p.m. | 10 views

CVE-2022-0889

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

CVSS 7.2 | EPSS 0.02022
Exploits 0 | References 2

Prion
added 2022/03/23 8:15 p.m. | 19 views

Cross site scripting

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...

CVSS 3.5 | AI score 5.2 | EPSS 0.00182
Exploits 3 | References 3 | Affected Software 1

CVE
added 2022/03/23 7:46 p.m. | 94 views

CVE-2022-0750

The CVE-2022-0750 issue affects the WordPress Photoswipe Masonry Gallery plugin (versions up to 1.2.14). The root cause is insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters in photoswipe-masonry.php, enabling authenti...

CVSS 6.4 | AI score 5.2 | EPSS 0.00182
Exploits 3 | References 3 | Affected Software 1

Cvelist
added 2022/03/23 7:46 p.m. | 17 views

CVE-2022-0750 Photoswipe Masonry Gallery <= 1.2.14 Stored Cross-Site Scripting

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...

CVSS 6.4 | AI score 6.1 | EPSS 0.00182
Exploits 3 | References 3

Vulnrichment
added 2022/03/23 7:46 p.m. | 8 views

CVE-2022-0834

The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the /src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a page that...

CVSS 7.2 | AI score 6 | EPSS 0.00171
Exploits 0 | References 2

Cvelist
added 2022/03/23 7:46 p.m. | 15 views

CVE-2022-0889 Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

CVSS 7.2 | AI score 7 | EPSS 0.02022
Exploits 0 | References 2

NVD
added 2022/03/20 7:15 p.m. | 7 views

CVE-2022-25464

A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.8 | EPSS 0.00219
Exploits 1 | References 1

NVD
added 2022/03/20 7:15 p.m. | 6 views

CVE-2022-26555

A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box...

CVSS 5.4 | EPSS 0.00191
Exploits 1 | References 1

Prion
added 2022/03/20 7:15 p.m. | 10 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box...

CVSS 3.5 | AI score 5.2 | EPSS 0.00191
Exploits 1 | References 1 | Affected Software 1

Prion
added 2022/03/16 8:15 p.m. | 13 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field...

CVSS 3.5 | AI score 5.2 | EPSS 0.00181
Exploits 1 | References 1 | Affected Software 1

Prion
added 2022/03/10 5:45 p.m. | 9 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML...

CVSS 4.3 | AI score 6 | EPSS 0.0024
Exploits 1 | References 1 | Affected Software 1

Veracode
added 2022/03/07 10:18 a.m. | 26 views

Cross-site Scripting (XSS)

Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web...

CVSS 6.1 | AI score 2.8 | EPSS 0.00295
Exploits 0 | References 5 | Affected Software 1

WPVulnDB
added 2022/03/02 12:0 a.m. | 31 views

Amelia < 1.0.47 - Unauthenticated Stored XSS via lastName

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the /src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a page that executes whenever...

CVSS 7.2 | AI score 4.9 | EPSS 0.00171
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/03/01 2:15 a.m. | 12 views

CVE-2022-25022

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...

CVSS 5.4 | EPSS 0.00688
Exploits 1 | References 5