5207 matches found
CVE-2021-38348
The CVE-2021-38348 entry describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Advanced Search plugin (versions up to and including 1.1.2) due to the wpas_id parameter in the file ~/inc/admin/views/html-advance-search-admin-options.php. The underlying issue is a reflecte...
CVE-2021-38337 RSVPMaker Excel <= 1.1 Reflected Cross-Site Scripting
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...
CVE-2021-38337 RSVPMaker Excel <= 1.1 Reflected Cross-Site Scripting
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...
CVE-2021-38334 WP Design Maps & Places <= 1.2 Reflected Cross-Site Scripting
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the /wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
JEESNS Reflective Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. An attacker can use this vulnerability to execute arbitrary Web scripts or HTML...
JEESNS Reflective Cross-Site Scripting Vulnerability (CNVD-2021-74052)
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the system error message text field...
JEESNS Reflective Cross-Site Scripting Vulnerability (CNVD-2021-74053)
JEESNS is a social management system developed on the JAVA enterprise platform. An attacker can use this vulnerability to execute arbitrary Web scripts or HTML...
JEESNS Stored Cross-Site Scripting Vulnerability (CNVD-2021-74051)
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via a specially crafted payload in the user name field...
CVE-2020-19295
A reflected cross-site scripting XSS vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19294
A stored cross-site scripting XSS vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section...
CVE-2020-19290
A stored cross-site scripting XSS vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section...
CVE-2020-19292
A stored cross-site scripting XSS vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question...
CVE-2020-19282
A reflected cross-site scripting XSS vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field...
CVE-2020-19286
A stored cross-site scripting XSS vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor...
CVE-2020-19292
A stored cross-site scripting XSS vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question...
CVE-2020-19291
A stored cross-site scripting XSS vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo...
CVE-2020-19284
A stored cross-site scripting XSS vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field...
CVE-2020-19288
A stored cross-site scripting XSS vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message...
CVE-2020-19289
A stored cross-site scripting XSS vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab...
CVE-2020-19282
A reflected cross-site scripting XSS vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field...