9 matches found
CVE-2024-34567
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 1.1.29...
CVE-2025-24746
CVE-2025-24746 is a stored Cross-Site Scripting vulnerability in the WordPress plugin Popup Maker (versions
CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS
The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks...
Link Library < 7.4.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Install the plugin and go to:...
Login with Cognito < 1.4.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Cognito Login » Configure OAuth", and a...
Slider by 10Web < 1.2.53 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC 1. Go to "Slider » Sliders" and edit one of...
Slider by 10Web < 1.2.53 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Slider » Sliders" and edit one of the...
Cross-site Scripting (XSS) - Stored
Description I am able to bypass the fix in the report https://huntr.dev/bounties/4f7be1e2-b844-4def-af9f-136dcce1c349/ which caused the XSS vulnerability. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page...
Phabricator: XSS with Time-of-Day Format
Go to your user preferences - Put the following into Time-of-Day Format with the quote: '' - Open a repository diffusion - XSS-Popup The repository file-overview is the only place where I could see the XSS so far. Because it's a user's own preference, it is not easy to actually do something...