
Tag

#xss

CVE-2023-25789: WordPress Tapfiliate plugin <= 3.0.12 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.

CVE-2023-25787: WordPress WP资源下载管理 plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP资源下载管理 plugin <= 1.3.9 versions.

CVE-2023-25786: WordPress Eyes Only: User Access Shortcode plugin <= 1.8.2 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.

CVE-2023-25784: WordPress Sticky Ad Bar Plugin plugin <= 1.3.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions.

CVE-2023-25783: WordPress FireCask Like & Share Button plugin <= 1.1.5 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.

CVE-2023-29839: GitHub - jichngan/CVE-2023-29839: Hotel Druid 3.0.4 Stored Cross Site Scripting Vulnerability

A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.

CVE-2023-31434: Stored and reflected XSS - CVE-2023-31434

The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.

Emporium Multi-Vendor 2.1 Cross Site Scripting

Emporium Multi-Vendor version 2.1 suffers from a cross site scripting vulnerability.

CVE-2023-2477

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability.

CVE-2023-2476: Stored XSS vulnerability in the announcement feature · Issue #I6W380 · dromara/J2eeFAST - Gitee.com

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868.