| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. |
| Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0. |
| File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. |
| File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. |
| The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0. |
| The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. |
| The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting |
