ReportizFlow
Filtered by vendor
Subscriptions
Total
45094 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18938 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | ||||
| CVE-2019-9110 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | ||||
| CVE-2023-31860 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 5.4 Medium |
| Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | ||||
| CVE-2020-19770 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. | ||||
| CVE-2018-17426 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | ||||
| CVE-2018-10368 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. | ||||
| CVE-2018-11549 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. | ||||
| CVE-2019-9107 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | ||||
| CVE-2024-1331 | 1 Wpdarko | 1 Team Members | 2025-05-05 | 6.1 Medium |
| The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-1333 | 1 Wpdarko | 1 Responsive Pricing Table | 2025-05-05 | 5.4 Medium |
| The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-1658 | 2 Wordpress, Wpdarko | 2 Grid Shortcodes, Grid Shortcodes | 2025-05-05 | 5.4 Medium |
| The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-7085 | 1 Sterlinghamilton | 1 Scalable Vector Graphics \(svg\) | 2025-05-05 | 5.4 Medium |
| The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-7236 | 1 Backupbolt | 1 Backup Bolt | 2025-05-05 | 4.7 Medium |
| The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. | ||||
| CVE-2024-32342 | 1 Boidcms | 1 Boidcms | 2025-05-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. | ||||
| CVE-2024-32343 | 1 Boidcms | 1 Boidcms | 2025-05-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | ||||
| CVE-2022-24227 | 1 Boltwire | 1 Boltwire | 2025-05-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. | ||||
| CVE-2022-23808 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-05-05 | 6.1 Medium |
| An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | ||||
| CVE-2022-23599 | 1 Plone | 1 Plone | 2025-05-05 | 4.3 Medium |
| Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory. | ||||
| CVE-2022-21719 | 1 Glpi-project | 1 Glpi | 2025-05-05 | 6.1 Medium |
| GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2022-1094 | 1 Anmari | 1 Amr Users | 2025-05-05 | 4.8 Medium |
| The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||