5207 matches found
Cross site scripting
JEECMS x1.1 contains a stored cross-site scripting XSS vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727...
CVE-2021-39350
FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter in ~/view/stats.php (versions 7.5.0.727–7.5.2.727). An attacker can inject arbitrary scripts. Remediation: update to version 7.5.3.727 or later.
CVE-2020-21496
A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter...
CVE-2020-21495
A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...
CVE-2020-21494
A cross-site scripting XSS vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0...
Cross site scripting
A cross-site scripting XSS vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0...
Cross site scripting
A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter...
Cross site scripting
A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...
CVE-2020-21496
A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter...
CVE-2020-21495
A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...
CVE-2020-21494
This CVE concerns Xiuno BBS 4.0.4 where an XSS vulnerability exists in the install/install.sql component. The underlying issue is that attacker-controlled input can alter the doctype value to 0, enabling execution of arbitrary web scripts or HTML. The affected artifact is the install.sql routine ...
CVE-2020-21494
A cross-site scripting XSS vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0...
Cross-site Scripting in LaraCMS
LaraCMS contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...
GHSA-M72G-42Q6-GVC2 Cross-site Scripting in LaraCMS
LaraCMS contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...
Cross-site Scripting in GilaCMS
A cross-site scripting XSS vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...
GHSA-H7MQ-27R7-W972 Cross-site Scripting in GilaCMS
A cross-site scripting XSS vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...
GHSA-6675-WWQR-JHMF Cross-site Scripting in GilaCMS
A stored cross-site scripting XSS vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...
Cross-site Scripting in GilaCMS
A stored cross-site scripting XSS vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...
CVE-2020-20781
A stored cross-site scripting XSS vulnerability in /ucms/index.php?do=listedit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields...