| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post plugin <= 1.0.3 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions. |
| The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adfo_list' shortcode in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions. |
| A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages. |
| Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.
|
| A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. |
| A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. |
| A vulnerability classified as problematic was found in Campcodes Complete Online DJ Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257473 was assigned to this vulnerability. |
| A vulnerability classified as problematic has been found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257472. |
