| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. |
| The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. |
| PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. |
| PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. |
| Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. |
| Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. |
| Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. |
| Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. |
| PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. |
| MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. |
| static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. |
| An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access. |
| Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"[email protected]"' request, which can be followed by a password reset. |
