| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fazilatunnesa News Ticker newsticker allows Stored XSS.This issue affects News Ticker: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plenigo Plenigo plenigo allows Stored XSS.This issue affects Plenigo: from n/a through <= 1.12.0. |
| Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in luzuk Themes Luzuk Slider luzuk-slider allows Stored XSS.This issue affects Luzuk Slider: from n/a through <= 0.1.5. |
| A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech Spinning Earth utech-spinning-earth allows DOM-Based XSS.This issue affects Utech Spinning Earth: from n/a through <= 1.2. |
| A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sazzad Image Carousel Shortcode image-carousel-shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through <= 1.2. |
| A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2. |
| A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Simpson Community Yard Sale community-yard-sale allows Stored XSS.This issue affects Community Yard Sale: from n/a through <= 1.1.11. |
| The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. This makes it possible for unauthenticated attackers to update their role to Administrator when registering on the site. |
| An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in giovanebribeiro WP PagSeguro Payments wp-pagseguro-payments allows Stored XSS.This issue affects WP PagSeguro Payments: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Piarulli My Restaurant Menu my-restaurant-menu allows Stored XSS.This issue affects My Restaurant Menu: from n/a through <= 0.2.0. |
| The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through <= 0.5.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salehattari best bootstrap widgets for elementor best-bootstrap-widgets-for-elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget create-custom-dashboard-widget allows Stored XSS.This issue affects Custom Dashboard Widget: from n/a through <= 1.0.0. |
