#xss

Microweber CMS prior to version 2.0.3 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions.

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions.