5207 matches found
Cross site scripting
A stored cross-site scripting XSS vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question...
CVE-2020-19295
A reflected cross-site scripting XSS vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19292
A stored cross-site scripting XSS vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question...
CVE-2020-19293
A stored cross-site scripting XSS vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article...
CVE-2020-19291
A stored cross-site scripting XSS vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo...
CVE-2020-19289
A stored cross-site scripting XSS vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab...
CVE-2020-19288
A stored cross-site scripting XSS vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message...
CVE-2020-19285
A stored cross-site scripting XSS vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field...
CVE-2020-19286
A stored cross-site scripting XSS vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor...
CVE-2020-19284
A stored cross-site scripting XSS vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field...
CVE-2020-19283
A reflected cross-site scripting XSS vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19282
Jeesns 1.4.2 is affected by a reflected cross-site scripting (XSS) vulnerability in the system error message text field. The issue allows an attacker to inject and execute arbitrary web scripts or HTML in a victim’s browser, potentially enabling session hijacking or data exposure. Root cause is a...
CVE-2020-19281
A stored cross-site scripting XSS vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field...
CVE-2021-38322
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1...
CVE-2021-38317
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the planid parameter in the /views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3...
Cross site scripting
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1...
Cross site scripting
The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the /user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0...
Cross site scripting
The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...