Page 9 of 8835 results (0.048 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/curry136/cve/blob/main/xss8.md https://vuldb.com/?ctiid.284682 https://vuldb.com/?id.284682 https://vuldb.com/?submit.443189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/uix-slideshow/trunk/includes/shortcodes.php#L26 https://wordpress.org/plugins/uix-slideshow/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/f189f606-ec30-4f5d-81c9-d526ba7141f0?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/drop-shadow-boxes/trunk/dropshadowboxes.php#L150 https://wordpress.org/plugins/drop-shadow-boxes/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/fa0a296a-a93f-4c0e-9911-b4f9bdd53fad?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/sh3rl0ckpggp/0day/blob/main/code-projects_online-shop_CrossSiteScripting.md https://vuldb.com/?ctiid.284679 https://vuldb.com/?id.284679 https://vuldb.com/?submit.442075 https://youtu.be/QThAqddl5Dk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://docs.google.com/document/d/1_kk14QhqJuqMGzAD_SUlOSvCGwYdeF4gI8m7mVTPBAQ/edit?usp=sharing https://vuldb.com/?ctiid.284675 https://vuldb.com/?id.284675 https://vuldb.com/?submit.438471 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •