13 matches found
EUVD-2024-40250
Malicious code in bioql PyPI...
CVE-2025-53933 WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'adicionar_enfermidade.php' parameter 'nome'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarenfermidade.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...
AGP Font Awesome Collection <= 3.2.4 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
IP Metaboxes <= 2.1.1 - Unauthenticated Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2017-18599
The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter...
Code injection
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...
CVE-2018-15842
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...
CVE-2018-7996
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter...
Cross site scripting
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly...
DVGuestbook 1.0/1.2.2 index.php page Parameter XSS
No description provided by source...
PHProg 1.0 index.php album Parameter XSS
No description provided by source...
TextAds delete.php id Parameter XSS
No description provided by source...
EncapsGallery 1.11.2 - watermark.php file Parameter XSS
No description provided by source...