Eyoucms Cross-Site Scripting Vulnerability (CNVD-2022-13194)
EyouCms is a ThinkPHP-based open source content management system (CMS) from Zanzan Network Technology in China. Version v1.4.1 of Eyoucms has a security vulnerability. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...
Cross site scripting
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter...
CVE-2020-21362
CVE-2020-21362 affects Maccms 10 (a PHP-based CMS). The issue is a cross-site scripting vulnerability in the background search function, exploitable via the 'wd' parameter, allowing an attacker to inject and render arbitrary web scripts or HTML. Connected documents corroborate the vulnerable comp...
CVE-2021-34640 Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting
The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4...
CVE-2021-34640
CVE-2021-34640 affects the WordPress plugin Securimage-WP-Fixed (versions ≤ 3.5.4). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by using $_SERVER['PHP_SELF'] in the securimage-wp.php file, allowing attackers to inject arbitrary web scripts into the affected site. Impact is ...
Cross site scripting
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...
Cross site scripting
A stored cross site scripting (XSS) vulnerability in the webattr2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...
CVE-2020-21930
A stored cross site scripting (XSS) vulnerability in the webattr2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...
CVE-2020-21929
CVE-2020-21929 is a stored XSS vulnerability affecting Eyoucms v1.4.1 in the web_copyright field. The issue permits authenticated attackers to inject and execute arbitrary web scripts or HTML. Reported details consistently cite an authenticated context and user interaction is not explicitly requi...
CVE-2020-21929
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...
WordPress Code Injection Vulnerability (CNVD-2021-61433)
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. function in the /news-plugin.php file is vulnerable to a cross-site request forgery attack, which...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED: A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Cross site scripting
The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18...
CVE-2021-34660 WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting
The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-61755)
GetSimple CMS is an XML-based, fully independent and streamlined content management system. /admin/snippets.php in GetSimple CMS version 3.4.0a is vulnerable to a stored cross-site scripting vulnerability, which can be exploited by attackers to execute arbitrary Web scripts or HTML via the Edit...
CVE-2020-21353
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module...
CVE-2020-21357
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...
CVE-2020-21357
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...
CVE-2021-34634
The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...
Cross site request forgery (csrf)
The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...