| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue |
| The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. |
| Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. |
| Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. |
| The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
| The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. |
| The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. |
| Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. |
