3 matches found
CVE-2021-24723
The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages...
CVE-2019-8290
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sentregister.php allowing special characters to be included and an XSS payload to be injected...
PT-2020-19758 · Hello.Js · Hellojs
Name of the Vulnerable Software and Affected Versions: hellojs versions prior to 1.18.6 hello.js versions prior to 1.18.6 Description: The issue arises from the package getting the oauth redirect parameter from the URL and passing it to location.assign without proper checks and sanitization. This...