Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.
The User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.8 did not sanitise or escape some of its settings before saving them and outputting them back in the page, allowing high privilege users such as admin to set JavaScript payloads in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.
The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook iOS parses specially crafted email messages.
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions.
The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.
Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed.
The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field
The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress.
The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.This issue affects Stock Locations for WooCommerce: from n/a through 2.5.9.
An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harmonic Design HD Quiz allows Stored XSS.This issue affects HD Quiz: from n/a through 1.8.11.
The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue.
The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute.
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.
The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled
The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method.
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.