5207 matches found
Cross-site Scripting in Anchor CMS
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...
CVE-2021-46253
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...
Fotobook <= 3.2.3 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found in the /options-fotobook.php file, which allows attackers to inject arbitrary web scripts onto the page...
Cross site scripting
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2021-44299
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2022-0210
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...
Cross site request forgery (CSRF)
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 0.31...
CVE-2022-0233 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
CVE-2021-4074 WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...
CVE-2021-43353
The CVE-2021-43353 entry concerns the WordPress Crisp Live Chat plugin, where a Cross-Site Request Forgery (CSRF) vulnerability arises from missing nonce validation in the crisp_plugin_settings_page function (crisp.php), affecting versions up to 0.31. This CSRF flaw enables an attacker to inject ...
ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts...
WHMCS Bridge < 6.3 - Subscriber+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the ccwhmcsbridgeaddadmin...
Cross-site Scripting in Scratch-Svg-Renderer
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...
CVE-2020-27428
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...
Cross site scripting
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...
CVE-2020-27428
CVE-2020-27428 affects the Scratch-Svg-Renderer library (v0.2.0). The vulnerability is described as a DOM-based cross-site scripting (XSS) issue that allows an attacker to execute arbitrary web scripts or HTML through a crafted sb3 file. The cited impact indicates possible code execution in the c...
Lemon OA Cross-Site Scripting Vulnerability
Lemon OA is an open source office OA system developed in Java by the individual developer XuHuisheng. The Editing component of Lemon OA V1.10.0 has a security vulnerability that attackers can exploit to execute arbitrary web scripts or HTML...