Cross site scripting

The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the categoryname parameter in the /admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1...

CVE-2020-19265

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

CVE-2021-38323 RentPress <= 6.6.4 Reflected Cross-Site Scripting

The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the /src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4...

CVE-2021-38325 User Activation Email <= 1.3.0 Reflected Cross-Site Scripting

The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the /user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0...

CVE-2021-38319 More From Google <= 0.0.2 Reflected Cross-Site Scripting

The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...

CVE-2021-38321 Custom Menu Plugin <= 1.3.3 Reflected Cross-Site Scripting

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selectedmenu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...

CVE-2021-38316 WP Academic People List <= 0.4.1 Reflected Cross-Site Scripting

The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the categoryname parameter in the /admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1...

CVE-2021-38316 WP Academic People List <= 0.4.1 Reflected Cross-Site Scripting

The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the categoryname parameter in the /admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1...

CVE-2021-38322 Twitter Friends Widget <= 3.1 Reflected Cross-Site Scripting

The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1...

Spideranalyse <= 0.0.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the /analyse/index.php file which allows attackers to inject arbitrary web scripts...

OSD Subscribe <= 1.2.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the osdsubscribemessage parameter found in the /options/osdsubscribeoptionssubscribers.php file which allows attackers to inject arbitrary web scripts...

MoolaMojo <= 0.7.4.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts...

3D Cover Carousel <= 1.0 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /cover-carousel.php file which allows attackers to inject arbitrary web scripts...

Custom Website Data <= 2.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts...

Bug Library < 2.0.4 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the via the successimportcount parameter found in the /bug-library.php file which allows attackers to inject arbitrary web scripts...

Advance Search < 1.1.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts...

Simple Matted Thumbnails <= 1.01 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts...

Dropdown and scrollable Text <= 2.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the /index.php file which allows attackers to inject arbitrary web scripts...

Post Title Counter <= 1.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the /post-title-counter.php file which allows attackers to inject arbitrary web scripts...

WP Scrippets <= 1.5.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /wp-scrippets.php file which allows attackers to inject arbitrary web scripts...