Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-25485: WordPress JSON Content Importer plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.

CVE
Open in Source
#xss#vulnerability#web#js#wordpress#auth
CVE-2021-26947: [SEC] CVE-2021-26947 - Cross-site scripting (XSS) issue Odoo Communi... · Issue #107694 · odoo/odoo

Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link.

CVE-2021-44775: [SEC] CVE-2021-44775 - Cross-site scripting (XSS) issue in Website a... · Issue #107691 · odoo/odoo

Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.

CVE-2021-26263: [SEC] CVE-2021-26263 - Cross-site scripting (XSS) issue in Discuss a... · Issue #107693 · odoo/odoo

Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.

CVE-2021-45071: [SEC] CVE-2021-45071 - Cross-site scripting (XSS) issue Odoo Communi... · Issue #107697 · odoo/odoo

Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.

GHSA-wv7j-rc2q-9j67: Cross Site Scripting in CraftCMS

CraftCMS prior to version 3.7.68 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

CVE-2023-30177: Fixed an XSS vulnerability. · craftcms/cms@00fb253

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

CVE-2023-25484: WordPress Simple Yearly Archive plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions.

CVE-2022-47608: WordPress Quick Contact Form plugin <= 8.0.3.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.

CVE-2023-25314: Thanks Jefferson Gonzales · WWBN/AVideo@2b44dee

Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.