| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting |
| The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting |
| The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. |
| The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. |
| The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting |
| Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. |
| Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. |
| Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
| Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
| Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
| Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. |
| stored xss in GitHub repository getgrav/grav prior to 1.7.33. |
| The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting |
| In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. |
| There is a XSS vulnerability in Careerfy. |
| There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. |
| There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. |
| The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature |
| Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. |
| A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts |
