| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information. |
| Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions. |
| Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. |
| Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions. |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction. |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions. |
| Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions. |
| Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions. |
| A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions. |
| Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. |