Page 16 of 7129 results (0.150 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. • source=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

The manipulation leads to cross site scripting. ... Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/StoredXSS-TaskCommentAttachments.md https://vuldb.com/?ctiid.288534 https://vuldb.com/?id.288534 https://vuldb.com/?submit.458623 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

The manipulation leads to cross site scripting. ... Durch die Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/StoredXSS-TaskComments.md https://vuldb.com/?ctiid.288533 https://vuldb.com/?id.288533 https://vuldb.com/?submit.458622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •