| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2.
|
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature.
Upgrade to Apache Sling App CMS >= 1.1.4
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor One Click Accessibility allows Stored XSS. This issue affects One Click Accessibility: from n/a through 3.1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font allows Stored XSS. This issue affects Aria Font: from n/a through 1.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker allows Stored XSS. This issue affects WordPress Spam Blocker: from n/a through 2.0.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream allows Stored XSS. This issue affects Review Stream: from n/a through 1.6.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Stored XSS. This issue affects DeBounce Email Validator: from n/a through 5.7.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through 2.7.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce allows Stored XSS. This issue affects ChillPay WooCommerce: from n/a through 2.5.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md – The Perfect WordPress Markdown Editor: from n/a through 10.2.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YouTube Embed Plugin Support YouTube Embed allows Stored XSS. This issue affects YouTube Embed: from n/a through 5.3.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG Lite allows DOM-Based XSS. This issue affects MapSVG Lite: from n/a through 8.5.32. |
