| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. |
| The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting |
| Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. |
| The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting |
| The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. |
| The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting |
| The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins |
| A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. |
| The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. |
| The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. |
| The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting |
