| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. |
| The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. |
| The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. |
| The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. |
| Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) |
| The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter |
| Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. |
| The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability. |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. |
| Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
| Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
| The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. |
| Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. |
