Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-25977: WordPress CPT – Speakers plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-30097: Edoardo Ottavianelli

A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.

CVE-2023-25982: WordPress Simple YouTube Responsive plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions.

CVE-2023-30095: [Security] Stored XSS in channel description · Issue #11 · totaljs/messenger

A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field.

CVE-2023-30096: [Security] Stored XSS in user fields · Issue #10 · totaljs/messenger

A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.

CVE-2023-30094: [Security] Stored XSS in platform name · Issue #100 · totaljs/flow

A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.

CVE-2023-30094

A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.

CVE-2023-2521

A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-30184: Typecho <= 1.2.0 Comments URL with Stored-XSS Vulnerability · Issue #1546 · typecho/typecho

A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.

Companymaps 8.0 Cross Site Scripting

Companymaps version 8.0 suffers from a cross site scripting vulnerability.