CVE-2022-25307 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via platform

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when sit...

CVE-2022-25306 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...

CVE-2022-0683

CVE-2022-0683 affects the WordPress plugin WordPress Essential Addons for Elementor Lite. The vulnerability is a Cross-Site Scripting (XSS) due to insufficient escaping and sanitization of the settings parameter found in includes/Traits/Helper.php, exploitable when a user clicks a crafted link. A...

EUVD-2022-15747

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...

CVE-2022-0653

CVE-2022-0653 affects the WordPress Profile Builder plugin (versions ≤ 3.6.1). It’s a reflected XSS due to insufficient escaping of the site_url parameter in ~/assets/misc/fallback-page.php, enabling arbitrary scripts to run when users click a crafted link. Impact in sources includes potential da...

Vmware Workspace One Boxer 跨站脚本漏洞

Vmware Workspace One Boxer is a mobile email application for AirWatch and Workspace One customers from Vmware USA. VMWare Workspace ONE Boxer suffers from a cross-site scripting vulnerability that stems from user-supplied data not being adequately processed. An attacker could exploit the...

WP Statistics < 13.1.6 - Multiple Unauthenticated Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP, browser and platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

CVE-2022-22853

A stored cross-site scripting XSS vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field...

CVE-2021-46251

A reflected cross-site scripting XSS in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

CVE-2022-24589

Burden v3.0 was discovered to contain a stored cross-site scripting XSS in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter...

Cross site scripting

Burden v3.0 was discovered to contain a stored cross-site scripting XSS in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter...

CVE-2022-24589

Burden v3.0 was discovered to contain a stored cross-site scripting XSS in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter...

CVE-2022-24587

A stored cross-site scripting XSS vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...

CVE-2022-24590

A stored cross-site scripting XSS vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML...

CVE-2022-24585

A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter...

CVE-2022-24585

A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter...

CVE-2022-24587

A stored cross-site scripting XSS vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...

CVE-2022-24587

A stored cross-site scripting XSS vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...