| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Aliniya Nias course nias-course allows DOM-Based XSS.This issue affects Nias course: from n/a through <= 1.2.10. |
| Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen. |
| The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Reflected XSS.This issue affects Wallet System for WooCommerce: from n/a through <= 2.6.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through <= 3.0.3. |
| A vulnerability was determined in jairiidriss RestaurantWebsite up to e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654. Impacted is an unknown function of the component Make a Reservation. This manipulation of the argument selected_date causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. |
| The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through <= 2.0.6. |
| The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnit_sns_title' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a through <= 1.2.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pedjas Stop Comment Spam stop-comment-spam allows Stored XSS.This issue affects Stop Comment Spam: from n/a through <= 0.5.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.71. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through <= 2.7.7.26. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tsinf TS Comfort DB ts-comfort-database allows Reflected XSS.This issue affects TS Comfort DB: from n/a through <= 2.0.7. |
| A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through <= 4.2.5. |
| The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dialogity Dialogity Free Live Chat dialogity-website-chat allows Stored XSS.This issue affects Dialogity Free Live Chat: from n/a through <= 1.0.3. |
