7736 results (0.552 seconds)

CVSS: 6.4 • EPSS: % • CPEs: 1 • EXPL: 0

21 Jan 2025 — The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: % • CPEs: 1 • EXPL: 0

21 Jan 2025 — However, a properly configured payload allows for the injection of malicious JavaScript resulting in Stored Cross-Site Scripting. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.3 • EPSS: % • CPEs: - • EXPL: 0

21 Jan 2025 — Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-5-html-injection-vulnerability?_s_id=cve • CWE-116: Improper Encoding or Escaping of Output

CVSS: 7.1 • EPSS: % • CPEs: - • EXPL: 0

21 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ARPrice allows Reflected XSS. • https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 • EPSS: % • CPEs: - • EXPL: 0

21 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. • https://patchstack.com/database/wordpress/plugin/hmenu/vulnerability/wordpress-hero-menu-plugin-1-16-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: % • CPEs: 1 • EXPL: 0

21 Jan 2025 — The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: % • CPEs: 1 • EXPL: 0

21 Jan 2025 — The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: % • CPEs: 1 • EXPL: 0

21 Jan 2025 — The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: % • CPEs: - • EXPL: 0

21 Jan 2025 — SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. • https://github.com/MarioTesoro/CVE-2024-54795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

21 Jan 2025 — PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php. • https://github.com/kirito999/HMS_stored_XSS/blob/main/stored%20XSS1%20%20in%20HMS4.0/stored%20XSS%20%20in%20HMS.md