#xss

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions.

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.

Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.