| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter. |
| An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. |
|
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
|
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert Heller WebLibrarian plugin <= 3.5.8.1 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions. |
| Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.
|
| Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions. |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions. |
