Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-25027: WordPress Chained Quiz plugin <= 1.3.2.5 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-24398: WordPress EZP Coming Soon Page plugin <= 1.0.7.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.

CVE-2023-25046: WordPress Podlove Podcast Publisher plugin <= 3.8.2 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.

CVE-2023-25059: WordPress avalex plugin <= 3.0.3 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.

CVE-2023-24402: WordPress WP Booking System – Booking Calendar plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.

CVE-2023-25061: WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.

CVE-2023-1931: WordPress Security Plugin | Wordfence

[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.

CVE-2014-125094

A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability.

CVE-2023-29015: escape comment text; fixes #24585 · intranda/goobi-viewer-core@f0ccde2

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.

CVE-2023-29016: added nickname validator; html escape existing values when displaying; · intranda/goobi-viewer-core@8eadb32

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03.