Tag

#xss

CVE-2023-1948

A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335.

CVE-2023-1946

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input <script>prompt(document.domain)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability.

GHSA-7v7g-9vx6-vcg2: Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter

### Impact

A reflected cross-site scripting vulnerability has been identified in Goobi viewer core when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser.

### Patches

The vulnerability has been fixed in version 23.03.

### Credits

We would like to thank [RUS-CERT](https://cert.uni-stuttgart.de/) for reporting this issue.

If you have any questions or comments about this advisory:

* Email us at [[email protected]](mailto:[email protected])

GHSA-622w-995c-3c3h: Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

### Impact

A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment.

### Patches

The vulnerability has been fixed in version 23.03.

If you have any questions or comments about this advisory:

* Email us at [[email protected]](mailto:[email protected])

GHSA-2r9r-8fcg-m38g: Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames

### Impact

A cross-site scripting vulnerability has been identified in Goobi viewer core when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in their execution in the user's browser when the nickname is displayed on certain pages.

### Patches

The vulnerability has been fixed in version 23.03.

If you have any questions or comments about this advisory:

* Email us at [[email protected]](mailto:[email protected])

CVE-2023-29388: WordPress Product Catalog Simple plugin <= 1.6.17 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.

CVE-2023-29171: WordPress Magic Post Thumbnail plugin <= 4.1.10 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.

CVE-2023-29170: WordPress Product Enquiry for WooCommerce plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.

CVE-2023-28789: WordPress Contact Forms by Cimatti plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.

CVE-2023-28781: WordPress Contact Forms by Cimatti plugin <= 1.5.4 - Unauth. Stored Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.