| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action. |
| VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. |
| core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. |
| A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. |
| Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. |
| PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. |
| The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. |
| PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. |
| PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. |
| Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. |
| Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. |
| Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. |
| Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. |
