5207 matches found
Cross site scripting
The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHPSELF in the /real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...
Cross site scripting
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
Cross site scripting
The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the /processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0...
Cross site scripting
The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the /htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1...
Cross site scripting
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
Cross site scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-39314 WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-42367 Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting
The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the /includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization...
CVE-2021-39319 duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting
The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8...
Real WYSIWYG <= 0.0.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHPSELF in the /real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...
Link List Manager <= 1.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the /llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
SquaredUp for SCOM Cross-Site Scripting Vulnerability (CNVD-2021-100392)
A cross-site scripting vulnerability exists in the integration configuration of SquaredUp for SCOM version 5.2.1.6654, which could be exploited by remote attackers to inject arbitrary web scripts or HTML...
SquaredUp for SCOM Cross-Site Scripting Vulnerability
Squaredup is a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments. a cross-site scripting vulnerability exists in Image Tile in SquaredUp for SCOM version 5.2.1.6654, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML...
Fathom Analytics < 3.0.5 - Admin+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the fathomsiteid parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...
CVE-2021-35415
A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields...
CVE-2021-35415
A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields...
Cross site scripting
A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields...
CVE-2021-35415
A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields...
WordPress plugin cross-site request forgery vulnerability (CNVD-2021-102803)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress plugin Stetic 1.0.6 and its previous versions...