Tag

#xss

CVE-2023-31942: BugReport/php/Online-Travel-Agency-System/bug9-XSS-description.md at main · DiliLearngent/BugReport

Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php.

CVE-2023-26469: GitHub - Orange-Cyberdefense/CVE-repository: Repository of CVE found by OCD people

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

CVE-2023-28783: WordPress Woocommerce Tip/Donation plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.

CVE-2023-28693: WordPress Advanced Youtube Channel Pagination plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination plugin <= 1.0 version.

CVE-2023-31072: WordPress Advanced Category Template plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <= 0.1 versions.

CVE-2023-31079: WordPress Tippy plugin <= 6.2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Roberts Tippy plugin <= 6.2.1 versions.

CVE-2023-34412: VDE-2023-029 | CERT@VDE

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after logging in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance.

CVE-2023-31074: WordPress Extensions for Leaflet Map plugin <= 3.4.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.

CVE-2023-26530: WordPress Updraft plugin <= 0.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions.

CVE-2023-31091: WordPress Dynamically Register Sidebars plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions.