#xss

The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php.

WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.

element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.