Normalization of Cross-Site Scripting names (#5329)

patch-1
sullo 2022-09-09 13:34:37 -04:00 committed by GitHub
parent e7969c7dbe
commit b65c24c45e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
174 changed files with 191 additions and 191 deletions

View File

@ -1,7 +1,7 @@
id: CVE-2011-4618
info:
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting
name: Advanced Text Widget < 2.0.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
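Review bot: dropping "Reflected" from the name line leaves no field in this template that records the XSS variant, because the description context line only says "A cross-site scripting (XSS) vulnerability". If the names are meant to be generic, the variant should be carried somewhere else (for example in the tags list), otherwise consumers filtering on reflected versus stored findings lose that distinction.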

View File

@ -1,7 +1,7 @@
id: CVE-2011-4624
info:
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting
name: GRAND FlAGallery 1.57 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
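Review bot: the new name "GRAND FlAGallery 1.57 - Cross-Site Scripting" still states 1.57 as the affected version, while the description context line says the bug is in the plugin "before 1.57". Since the name is being rewritten anyway, "GRAND FlAGallery < 1.57 - Cross-Site Scripting" would match the description and the "<" convention used by the other templates in this commit.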

View File

@ -1,7 +1,7 @@
id: CVE-2011-4926
info:
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting
name: Adminimize 1.7.22 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5106
info:
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5107
info:
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting
name: Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5179
info:
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting
name: Skysa App Bar 1.04 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5181
info:
name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting
name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5265
info:
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting
name: Featurific For WordPress 1.6.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2012-0901
info:
name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting
name: YouSayToo auto-publishing 1.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2012-1835
info:
name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting
name: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.

View File

@ -1,7 +1,7 @@
id: CVE-2012-2371
info:
name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting
name: WP-FaceThumb 0.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4242
info:
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting
name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4273
info:
name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting
name: 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4768
info:
name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting
name: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4889
info:
name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting
name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

View File

@ -1,7 +1,7 @@
id: CVE-2012-5913
info:
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting
name: WordPress Integrator 1.32 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

View File

@ -1,7 +1,7 @@
id: CVE-2013-2287
info:
name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting
name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2013-3526
info:
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting
name: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
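Review bot: the description context line ends with a stray double quote after "via the aoid parameter." that has no opening quote; it should be removed while this file is being touched.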

View File

@ -1,7 +1,7 @@
id: CVE-2013-4117
info:
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2013-4625
info:
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting
name: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2014-4513
info:
name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting
name: ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2014-4535
info:
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
name: Import Legacy Media <= 0.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4535
cwe-id: CWE-79
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4536
info:
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
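Review bot: the version bound in the rewritten name ("< 1.5.7") does not agree with the description context line, which says the plugin is affected "before 1.5.6". One of the two is wrong and should be reconciled, since the name is what shows up in scan output.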
@ -17,7 +17,7 @@ info:
cwe-id: CWE-79
metadata:
google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/"
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4539
info:
name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting
name: Movies <= 0.6 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4539
cwe-id: CWE-79
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4544
info:
name: Podcast Channels < 0.28 - Unauthenticated Reflected Cross-Site Scripting
name: Podcast Channels < 0.28 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4544
cwe-id: CWE-79
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4550
info:
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected Cross-Site Scripting
name: Shortcode Ninja <= 1.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.
@ -16,7 +16,7 @@ info:
cwe-id: CWE-79
metadata:
google-query: inurl:"/wp-content/plugins/shortcode-ninja"
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4558
info:
name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected Cross-Site Scripting
name: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4558
cwe-id: CWE-79
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4561
info:
name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting
name: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4561
cwe-id: CWE-79
tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan
tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4592
info:
name: WP Planet <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
name: WP Planet <= 0.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
@ -16,7 +16,7 @@ info:
cwe-id: CWE-79
metadata:
google-query: inurl:"/wp-content/plugins/wp-planet"
tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve
tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-9094
info:
name: WordPress DZS-VideoGallery Plugin Reflected Cross-Site Scripting
name: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
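Review bot: the new name "WordPress DZS-VideoGallery Plugin Cross-Site Scripting" omits the " - " separator that every other renamed template in this commit uses between product and finding; suggest "WordPress DZS-VideoGallery Plugin - Cross-Site Scripting" so the normalization is actually uniform.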

View File

@ -1,7 +1,7 @@
id: CVE-2014-9444
info:
name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting
name: Frontend Uploader <= 0.9.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.
@ -12,7 +12,7 @@ info:
- http://web.archive.org/web/20210122092924/https://www.securityfocus.com/bid/71808/
classification:
cve-id: CVE-2014-9444
tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress
tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2016-1000141
info:
name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting
name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
author: daffainfo
severity: medium
description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.

View File

@ -1,7 +1,7 @@
id: CVE-2017-14651
info:
name: WSO2 Data Analytics Server 3.1.0 - Reflected Cross-Site Scripting
name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
author: mass0ma
severity: medium
description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2018-11709
info:
name: WordPress wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting
name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
author: daffainfo
severity: medium
description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.

View File

@ -1,7 +1,7 @@
id: CVE-2019-7255
info:
name: Linear eMerge E3 - Cross Site Scripting
name: Linear eMerge E3 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2020-13258
info:
name: Contentful - Reflected XSS
name: Contentful - Cross-Site Scripting
author: pikpikcu
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2020-13483
info:
name: Bitrix24 through 20.0.0 allows XSS
name: Bitrix24 through 20.0.0 allows Cross-Site Scripting
author: pikpikcu,3th1c_yuk1
severity: medium
description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
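Review bot: the new name "Bitrix24 through 20.0.0 allows Cross-Site Scripting" keeps the sentence-style wording of the old name and so still does not follow the "Product version - Cross-Site Scripting" pattern applied elsewhere in this commit; "Bitrix24 <= 20.0.0 - Cross-Site Scripting" would match the rest.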

View File

@ -1,7 +1,7 @@
id: CVE-2020-17362
info:
name: Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting
name: Nova Lite < 1.3.9 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2020-17362
cwe-id: CWE-79
tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020
tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2021-24276
info:
name: Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
name: Contact Form by Supsystic < 1.7.15 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

View File

@ -1,7 +1,7 @@
id: CVE-2021-24291
info:
name: Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
name: Photo Gallery < 1.5.69 - Multiple Cross-Site Scripting
author: geeknik
severity: medium
description: The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)
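Review bot: after removing "(XSS)" and "Reflected", the name reads "Multiple Cross-Site Scripting", which has no noun for "Multiple" to modify; either "Multiple Cross-Site Scripting Vulnerabilities" or simply "Cross-Site Scripting" reads correctly.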

View File

@ -1,7 +1,7 @@
id: CVE-2021-24298
info:
name: Simple Giveaways < 2.36.2 - Reflected Cross-Site Scripting (XSS)
name: Simple Giveaways < 2.36.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

View File

@ -1,7 +1,7 @@
id: CVE-2021-24746
info:
name: WordPress Sassy Social Share Plugin - Reflected XSS
name: WordPress Sassy Social Share Plugin - Cross-Site Scripting
author: Supras
severity: medium
description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
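Review bot: the name line has no version bound although the description context line carries one ("< 3.3.40"), and that description is itself just a repeat of the old name rather than a sentence. Suggest "WordPress Sassy Social Share Plugin < 3.3.40 - Cross-Site Scripting" for the name and a one-sentence description of the issue.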

View File

@ -1,7 +1,7 @@
id: CVE-2021-25055
info:
name: WordPress FeedWordPress < 2022.0123 - Authenticated Reflected Cross-Site Scripting
name: WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
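Review bot: "Authenticated" is kept in this name while the same commit strips "Unauthenticated" from other names and moves that fact into an "unauth" tag. Applying one rule for both would be more consistent: either keep the auth qualifier in names everywhere, or drop it here too and record it with a tag.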

View File

@ -1,7 +1,7 @@
id: CVE-2021-25085
info:
name: WOOF WordPress plugin - Reflected Cross-Site Scripting
name: WOOF WordPress plugin - Cross-Site Scripting
author: Maximus Decimus
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2021-25112
info:
name: WHMCS Bridge < 6.4b - Cross-Site Scripting (XSS)
name: WHMCS Bridge < 6.4b - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2021-31682
info:
name: WebCTRL OEM <= 6.5 Reflected Cross-Site Scripting
name: WebCTRL OEM <= 6.5 Cross-Site Scripting
author: gy741,dhiyaneshDk
severity: medium
description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter.
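Review bot: the rewritten name "WebCTRL OEM <= 6.5 Cross-Site Scripting" is missing the " - " separator used by the other templates in this commit; suggest "WebCTRL OEM <= 6.5 - Cross-Site Scripting".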

View File

@ -1,7 +1,7 @@
id: CVE-2021-35265
info:
name: MaxSite CMS XSS
name: MaxSite CMS Cross-Site Scripting
author: pikpikcu
severity: medium
description: A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page."
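Review bot: the new name "MaxSite CMS Cross-Site Scripting" lacks the " - " separator and the version bound that the description context line provides ("before V106"); "MaxSite CMS < V106 - Cross-Site Scripting" would align it with the rest of the commit. The description line also ends with a stray unmatched double quote after "to a page." that should be removed.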

View File

@ -1,7 +1,7 @@
id: CVE-2021-35488
info:
name: Thruk 2.40-2 - Cross Site Scripting
name: Thruk 2.40-2 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2021-37573
info:
name: Tiny Java Web Server - Reflected Cross-Site Scripting
name: Tiny Java Web Server - Cross-Site Scripting
author: geeknik
severity: medium
description: A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page.
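Review bot: the description context line has the product name misspelled as "TTiny Java Web Server"; since the name line above is being edited, the typo is worth fixing in the same change.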

View File

@ -1,7 +1,7 @@
id: CVE-2021-38704
info:
name: ClinicCases 7.3.3 Reflected Cross-Site Scripting
name: ClinicCases 7.3.3 Cross-Site Scripting
author: alph4byt3
severity: medium
description: ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.
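Review bot: "ClinicCases 7.3.3 Cross-Site Scripting" is missing the " - " separator between product and finding that the other renamed templates use; suggest "ClinicCases 7.3.3 - Cross-Site Scripting".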

View File

@ -1,7 +1,7 @@
id: CVE-2021-39320
info:
name: WordPress underConstruction Plugin< 1.19 - Reflected Cross-Site Scripting
name: WordPress underConstruction Plugin< 1.19 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path.
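Review bot: the rewritten name still contains "Plugin< 1.19" with no space before the "<", a formatting slip inherited from the old name; it should read "WordPress underConstruction Plugin < 1.19 - Cross-Site Scripting".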

View File

@ -1,7 +1,7 @@
id: CVE-2021-39322
info:
name: WordPress Easy Social Icons Plugin < 3.0.9 - Reflected Cross-Site Scripting
name: WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path.

View File

@ -1,7 +1,7 @@
id: CVE-2021-39350
info:
name: FV Flowplayer Video Player WordPress plugin - Authenticated Reflected Cross-Site Scripting
name: FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
author: gy741
severity: medium
description: The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727.

View File

@ -1,7 +1,7 @@
id: CVE-2021-40542
info:
name: Opensis-Classic 8.0 - Reflected Cross-Site Scripting
name: Opensis-Classic 8.0 - Cross-Site Scripting
author: alph4byt3
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2021-41349
info:
name: Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting
name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
author: rootxharsh,iamnoooob
severity: medium
description: Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305.
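Review bot: the name line calls this a cross-site scripting issue while the description context line says "Microsoft Exchange Server is vulnerable to a spoofing vulnerability" and never mentions XSS. The two fields should agree; since this commit is about names, the description is the one to fix so it states the XSS behaviour the template checks for.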

View File

@ -1,7 +1,7 @@
id: CVE-2021-41467
info:
name: JustWriting - Reflected Cross-Site Scripting
name: JustWriting - Cross-Site Scripting
author: madrobot
severity: medium
description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
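Review bot: subject-verb agreement in the description context line: "A cross-site scripting vulnerability ... allow remote attackers" should be "allows".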

View File

@ -1,7 +1,7 @@
id: CVE-2021-41878
info:
name: i-Panel Administration System - Reflected Cross-Site Scripting
name: i-Panel Administration System - Cross-Site Scripting
author: madrobot
severity: medium
description: A reflected cross-site scripting vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.

View File

@ -1,7 +1,7 @@
id: CVE-2021-41951
info:
name: Resourcespace - Reflected Cross-Site Scripting
name: Resourcespace - Cross-Site Scripting
author: coldfish
severity: medium
description: ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2021-42551
info:
name: NetBiblio WebOPAC - Reflected Cross-Site Scripting
name: NetBiblio WebOPAC - Cross-Site Scripting
author: compr00t
severity: medium
description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2021-42565
info:
name: myfactory FMS - Reflected Cross-Site Scripting
name: myfactory FMS - Cross-Site Scripting
author: madrobot
severity: medium
description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2021-42566
info:
name: myfactory FMS - Reflected Cross-Site Scripting
name: myfactory FMS - Cross-Site Scripting
author: madrobot
severity: medium
description: myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter.
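Review bot: after this rename, CVE-2021-42565 and CVE-2021-42566 both carry the identical name "myfactory FMS - Cross-Site Scripting", and the only distinguishing detail (the UID versus Error parameter) lives in the descriptions. Including the parameter in the name, as the Traffic Analyzer template does with "'aoid'", would keep the two findings distinguishable in scan output.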

View File

@ -1,7 +1,7 @@
id: CVE-2021-42567
info:
name: Apereo CAS Reflected Cross-Site Scripting
name: Apereo CAS Cross-Site Scripting
author: pdteam
severity: medium
description: Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints.
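Review bot: "Apereo CAS Cross-Site Scripting" omits the " - " separator, and the description context line gives a version bound ("through 6.4.1") that the name could carry; "Apereo CAS <= 6.4.1 - Cross-Site Scripting" would match the convention used elsewhere in this commit.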

View File

@ -1,7 +1,7 @@
id: CVE-2021-42663
info:
name: Online Event Booking and Reservation System version 2.3.0 - Cross Site Scripting
name: Online Event Booking and Reservation System version 2.3.0 - Cross-Site Scripting
author: fxploit
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2021-43062
info:
name: Fortinet FortiMail 7.0.1 - Reflected Cross-Site Scripting
name: Fortinet FortiMail 7.0.1 - Cross-Site Scripting
author: ajaysenr
severity: medium
description: A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service.

View File

@ -1,7 +1,7 @@
id: CVE-2021-43574
info:
name: Atmail Hosting Webserver 6.5.0 - Cross-site scripting
name: Atmail Hosting Webserver 6.5.0 - Cross-Site scripting
author: arafatansari,ritikchaddha
severity: medium
description: |
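Review bot: the rewritten name "Atmail Hosting Webserver 6.5.0 - Cross-Site scripting" leaves "scripting" in lower case, so this template is still not normalized to the "Cross-Site Scripting" form the rest of the commit uses.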

View File

@ -1,7 +1,7 @@
id: CVE-2021-43810
info:
name: Admidio - Reflected Cross-Site Scripting
name: Admidio - Cross-Site Scripting
author: gy741
severity: medium
description: A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.

View File

@ -1,7 +1,7 @@
id: CVE-2021-45380
info:
name: AppCMS - Reflected Cross-Site Scripting
name: AppCMS - Cross-Site Scripting
author: pikpikcu
severity: medium
description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php.

View File

@ -1,7 +1,7 @@
id: CVE-2021-46068
info:
name: Vehicle Service Management System - Stored Cross Site Scripting
name: Vehicle Service Management System - Stored Cross-Site Scripting
author: TenBird
severity: medium
description: |
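Review bot: this hunk keeps "Stored" in the name while the rest of the commit removes "Reflected" from names of the same shape. If the XSS variant is considered useful for stored findings, it is equally useful for reflected ones; pick one rule and apply it to both.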

View File

@ -1,7 +1,7 @@
id: CVE-2021-46069
info:
name: Vehicle Service Management System - Stored Cross Site Scripting
name: Vehicle Service Management System - Stored Cross-Site Scripting
author: TenBird
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2021-46071
info:
name: Vehicle Service Management System - Stored Cross Site Scripting
name: Vehicle Service Management System - Stored Cross-Site Scripting
author: TenBird
severity: medium
description: |
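Review bot: CVE-2021-46068, CVE-2021-46069 and CVE-2021-46071 end up with the identical name "Vehicle Service Management System - Stored Cross-Site Scripting", so nothing in the name distinguishes the three findings. Adding the affected page or parameter to each name would avoid identical entries in scan output.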

View File

@ -1,7 +1,7 @@
id: CVE-2021-46073
info:
name: Vehicle Service Management System - Cross Site Scripting
name: Vehicle Service Management System - Cross-Site Scripting
author: TenBird
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-0149
info:
name: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Reflected Cross-Site Scripting
name: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.

View File

@ -1,7 +1,7 @@
id: CVE-2022-0150
info:
name: WP Accessibility Helper (WAH) < 0.6.0.7 - Cross-Site Scripting (XSS)
name: WP Accessibility Helper (WAH) < 0.6.0.7 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-0189
info:
name: WordPress RSS Aggregator < 4.20 - Authenticated Reflected Cross-Site Scripting
name: WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.

View File

@ -1,7 +1,7 @@
id: CVE-2022-0201
info:
name: WordPress Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting
name: WordPress Permalink Manager < 2.2.15 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue.

View File

@ -1,7 +1,7 @@
id: CVE-2022-0208
info:
name: WordPress Plugin MapPress < 2.73.4 - Reflected XSS
name: WordPress Plugin MapPress < 2.73.4 - Cross-Site Scripting
author: edoardottt
severity: medium
description: The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting.

View File

@ -1,7 +1,7 @@
id: CVE-2022-0220
info:
name: WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting
name: WordPress GDPR & CCPA < 1.9.27 - Cross-Site Scripting
author: daffainfo
severity: medium
description: |
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2022-0220
cwe-id: CWE-79
tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss
tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss,unauth
requests:
- raw:
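Review bot: the `unauth` tag added on the `+ tags:` line preserves the "Unauthenticated" qualifier removed from the name in the first hunk, which is the right place for it, but the "Reflected" qualifier removed at the same time has no corresponding tag, so the XSS subtype is now only recoverable from the free-text description. If the subtype matters for filtering, add a matching tag alongside `unauth`; otherwise state in the PR description that reflected/stored is intentionally left to the description.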

View File

@ -1,7 +1,7 @@
id: CVE-2022-0271
info:
name: LearnPress < 4.1.6 - Reflected Cross-Site Scripting
name: LearnPress < 4.1.6 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
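Review bot: the unchanged description line is missing its terminal period and refers to "the lp-dismiss-notice" without saying what it is; suggest "the lp-dismiss-notice parameter … leading to a Reflected Cross-Site Scripting issue." for consistency with the other templates' descriptions in this diff.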

View File

@ -1,7 +1,7 @@
id: CVE-2022-0288
info:
name: Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting
name: Ad Inserter < 2.7.10 - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: The plugins do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
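Review bot: same wording issue as the Permalink Manager template: the description says "The plugins do not sanitise" for a single plugin (Ad Inserter). Suggest "The plugin does not sanitise and escape the html_element_selection parameter …".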

View File

@ -1,7 +1,7 @@
id: CVE-2022-0378
info:
name: Microweber Reflected Cross-Site Scripting
name: Microweber Cross-Site Scripting
author: pikpikcu
severity: medium
description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
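Review bot: the new name "Microweber Cross-Site Scripting" has no " - " separator between product and vulnerability type, unlike every other renamed template here (including "Microweber - Cross-Site Scripting" for CVE-2022-0928 and CVE-2022-0954 further down), and it carries no version bound even though the description states "prior to 1.2.11". Suggest "Microweber < 1.2.11 - Cross-Site Scripting" so the two Microweber templates follow one pattern.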

View File

@ -1,7 +1,7 @@
id: CVE-2022-0381
info:
name: WordPress Plugin Embed Swagger 1.0.0 - Reflected XSS
name: WordPress Plugin Embed Swagger 1.0.0 - Cross-Site Scripting
author: edoardottt
severity: medium
description: The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0.

View File

@ -1,7 +1,7 @@
id: CVE-2022-0422
info:
name: WordPress White Label MS < 2.2.9 - Reflected Cross-Site Scripting
name: WordPress White Label MS < 2.2.9 - Cross-Site Scripting
author: random-robbie
severity: medium
description: The plugin does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue back in the response, leading to reflected cross-site scripting.
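Review bot: the unchanged description line contains a duplicated clause: "… leading to a Reflected Cross-Site Scripting issue back in the response, leading to reflected cross-site scripting." Suggest ending the sentence at "… while previewing, leading to a Reflected Cross-Site Scripting issue." while this file is being edited.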

View File

@ -1,7 +1,7 @@
id: CVE-2022-0595
info:
name: Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS
name: Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Stored Cross-Site Scripting
author: akincibor
severity: medium
description: The plugin allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue.
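Review bot: the new name keeps the "Stored" qualifier ("Stored Cross-Site Scripting") while the rest of this commit removes the "Reflected" qualifier from the reflected templates (e.g. CVE-2022-0149, CVE-2022-0271). Either both subtypes belong in the name or neither does; if "Stored" is kept on purpose because it changes the severity picture, say so in the PR description so later contributors do not "normalize" it away.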
@ -13,7 +13,7 @@ info:
cvss-score: 5.4
cve-id: CVE-2022-0595
cwe-id: CWE-79
tags: cve,cve2022,xss,wordpress,wp-plugin,wpscan,fileupload,intrusive
tags: cve,cve2022,xss,wordpress,wp-plugin,wpscan,fileupload,intrusive,unauth
requests:
- raw:

View File

@ -1,7 +1,7 @@
id: CVE-2022-0599
info:
name: Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting
name: Mapping Multiple URLs Redirect Same Page <= 5.8 - Cross-Site Scripting
author: scent2d
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-0776
info:
name: RevealJS postMessage XSS
name: RevealJS postMessage Cross-Site Scripting
author: LogicalHunter
severity: medium
description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
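Review bot: the new name "RevealJS postMessage Cross-Site Scripting" lacks the " - " product/vulnerability separator used elsewhere in this commit and has no version bound although the description says "prior to 4.3.0"; the description also identifies this as DOM-based XSS, which the name does not reflect. Suggest "RevealJS < 4.3.0 - Cross-Site Scripting" at minimum.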

View File

@ -1,7 +1,7 @@
id: CVE-2022-0928
info:
name: Microweber - Cross-site Scripting
name: Microweber - Cross-Site Scripting
author: amit-jd
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-0954
info:
name: Microweber - Cross-site Scripting
name: Microweber - Cross-Site Scripting
author: amit-jd
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-1221
info:
name: Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting
name: Gwyn's Imagemap Selector <= 0.3.3 - Cross-Site Scripting
author: veshraj
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-1439
info:
name: Microweber Reflected Cross-Site Scripting
name: Microweber Cross-Site Scripting
author: pikpikcu
severity: medium
description: Reflected XSS in microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
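Review bot: the unchanged description line is a first-person proof-of-concept note ("It's the only payload I found working, you might need to press "tab" …") with a typo ("paylaod"); it should be a neutral description of the issue, e.g. "Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability that allows arbitrary JavaScript execution in the context of the attacked user." The new name also drops the " - " separator and the version bound, unlike "Microweber - Cross-Site Scripting" in the CVE-2022-0928 hunk.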

View File

@ -1,7 +1,7 @@
id: CVE-2022-1597
info:
name: WPQA < 5.4 - Reflected Cross-Site Scripting
name: WPQA < 5.4 - Cross-Site Scripting
author: veshraj
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-1724
info:
name: Simple Membership < 4.1.1 - Reflected Cross-Site Scripting
name: Simple Membership < 4.1.1 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting.

View File

@ -1,7 +1,7 @@
id: CVE-2022-1904
info:
name: Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
name: Easy Pricing Tables < 3.2.1 - Cross-Site-Scripting
author: Akincibor
severity: medium
description: |
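Review bot: the new name ends in "Cross-Site-Scripting" (hyphen between "Site" and "Scripting"), which does not match the "Cross-Site Scripting" form this commit establishes everywhere else; the rename only removed "Reflected" and left the hyphenation. Suggest "Easy Pricing Tables < 3.2.1 - Cross-Site Scripting".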

View File

@ -1,7 +1,7 @@
id: CVE-2022-1906
info:
name: Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting
name: Copyright Proof <= 4.16 - Cross-Site-Scripting
author: random-robbie
severity: medium
description: |
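Review bot: same hyphenation miss as the Easy Pricing Tables template: "Cross-Site-Scripting" should be "Cross-Site Scripting" to match the normalized form. Suggest "Copyright Proof <= 4.16 - Cross-Site Scripting".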

View File

@ -1,7 +1,7 @@
id: CVE-2022-1937
info:
name: Awin Data Feed <= 1.6 - Reflected Cross-Site Scripting
name: Awin Data Feed <= 1.6 - Cross-Site Scripting
author: Akincibor,DhiyaneshDK
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-1946
info:
name: Gallery < 2.0.0 - Reflected Cross-Site Scripting
name: Gallery < 2.0.0 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
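Review bot: the unchanged description states the vulnerable AJAX action is "available to both unauthenticated and authenticated users", but unlike the CVE-2022-0220 and CVE-2022-0595 hunks this template gets no `unauth` tag. For consistency with how this commit handles the authentication qualifier, add `unauth` to the tags here as well.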

View File

@ -1,7 +1,7 @@
id: CVE-2022-2187
info:
name: Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting
name: Contact Form 7 Captcha < 0.1.2 - Cross-Site Scripting
author: For3stCo1d
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-24181
info:
name: PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
name: PKP Open Journals System 3.3 - Cross-Site Scripting
author: lucasljm2001,ekrause
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-24681
info:
name: ManageEngine ADSelfService - Stored XSS
name: ManageEngine ADSelfService - Stored Cross-Site Scripting
author: Open-Sec
severity: medium
description: |
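Review bot: as with CVE-2022-0595, the "Stored" qualifier is retained in the new name while "Reflected" is removed from the reflected templates; the name also carries no version bound and no affected-product version. If stored/reflected is meant to stay in names, the reflected templates should keep it too; otherwise this should become "ManageEngine ADSelfService - Cross-Site Scripting".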

View File

@ -1,7 +1,7 @@
id: CVE-2022-24899
info:
name: Contao 4.13.2 - Cross-Site Scripting (XSS)
name: Contao 4.13.2 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |

View File

@ -1,7 +1,7 @@
id: CVE-2022-26564
info:
name: HotelDruid Hotel Management Software 3.0.3 XSS
name: HotelDruid Hotel Management Software 3.0.3 Cross-Site Scripting
author: alexrydzak
severity: medium
description: |
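Review bot: the new name "HotelDruid Hotel Management Software 3.0.3 Cross-Site Scripting" is missing the " - " separator between product/version and vulnerability type that the other renamed templates use. Suggest "HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting".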

Some files were not shown because too many files have changed in this diff.