30 matches found
WordPress Bit File Manager plugin <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit File Manager versions <= 6.7...
WordPress Newsletter plugin < 8.8.2 - Admin+ Stored XSS via Subscription vulnerability
Admin+ Stored XSS via Subscription vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Newsletter versions < 8.8.2...
CVE-2019-19493
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS...
WordPress MapSVG plugin <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Mo'men Saad in WordPress Plugin MapSVG versions <= 8.6.4...
WordPress Lucas String Replace Plugin <= 2.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Lucas String Replace; Type: Plugin; Vulnerable versions: <= 2.0.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8734; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: d57e73116724; Credits: vgo0; Required...
WordPress Fluid Notification Bar Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Fluid Notification Bar; Type: Plugin; Vulnerable versions: <= 3.2.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3031; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 9d5acb8ad0ee; Credits: Benedictus Jovan...
WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Access Category Password; Type: Plugin; Vulnerable versions: <= 1.5.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32535; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: c844ee6de29c; Credits: Dimas Maulana; Required...
Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks. PoC: add new payment method with XSS exploit: fetch('http://localhost/tester-wp/wp-admin/admin-ajax.php', { method: 'POST', headers: ne...
champagnefuneralchapel.com XSS vulnerability
Open Bug Bounty ID: OBB-657927; Affected Website: champagnefuneralchapel.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
gooworld.jp XSS vulnerability
Open Bug Bounty ID: OBB-638848; Affected Website: gooworld.jp; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
taggtogo.com XSS vulnerability
Open Bug Bounty ID: OBB-618672; Affected Website: taggtogo.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
swedol.no XSS vulnerability
Open Bug Bounty ID: OBB-560920; Affected Website: swedol.no; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
levyna.cz XSS vulnerability
Open Bug Bounty ID: OBB-549924; Affected Website: levyna.cz; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
allfreeapk.com XSS vulnerability
Open Bug Bounty ID: OBB-531289; Affected Website: allfreeapk.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
filandia-quindio.gov.co XSS vulnerability
Open Bug Bounty ID: OBB-260556; Affected Website: filandia-quindio.gov.co; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
antiumaurum.com XSS vulnerability
Vulnerable URL: http://www.antiumaurum.com/search.php/stare-mincecateg%5B%5D=113?p=1"...
timberlofthouse.com XSS vulnerability
Vulnerable URL: http://www.timberlofthouse.com/index.php?seed=1"...
impactcomms.com XSS vulnerability
Vulnerable URL: http://www.impactcomms.com/popupcupchart.php?cup=1/-///'/"//--...
litv.tv XSS vulnerability
Vulnerable URL: https://www.litv.tv/search/search.do?searchinput=searchinput%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E&cfwaftk=065929002t7GnPsgV3pcSXYu6uDlX-GR9C8 Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status:...
live-jasmine.webcam XSS vulnerability
Vulnerable URL: http://www.live-jasmine.webcam/check.php?id=prompt'OPENBUGBOUNTY'...