Tag: #xss

CVE-2023-29774: Stored xss · Issue #10 · iteachyou-wjn/dreamer_cms

Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).

CVE-2023-2153

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php of the component POST Parameter Handler. The manipulation of the argument value with the input 1><script>alert(666)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226274 is the identifier assigned to this vulnerability.

CVE-2022-45836: WordPress Download Manager plugin <= 3.2.59 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.

CVE-2022-44632: WordPress Content Repeater plugin <= 1.1.13 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin <= 1.1.13 versions.

CVE-2022-45838: WordPress ARForms Form Builder plugin <= 1.5.5 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions.

CVE-2022-45839: WordPress WHA Puzzle plugin <= 1.0.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions.

CVE-2022-44735: WordPress ClicTracker plugin <= 1.0.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gus Sevilla WP Clictracker plugin <= 1.0.5 versions.

CVE-2023-27092: jbootfly-bbs storage XSS · Issue #1 · yangfuhai/jbootfly

Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter.

CVE-2023-2119: Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting — Wordfence Intelligence

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-2120: Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting — Wordfence Intelligence

The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.