A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devu Status Updater fb-status-updater allows Reflected XSS.This issue affects Status Updater: from n/a through <= 1.9.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viperchill ViperBar viperbar allows Reflected XSS.This issue affects ViperBar: from n/a through <= 2.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abelony Events Planner events-planner allows Reflected XSS.This issue affects Events Planner: from n/a through <= 1.3.10.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KlbTheme Machic Core allows DOM-Based XSS.This issue affects Machic Core: from n/a through 1.2.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Maurer Display Post Meta display-post-meta allows Reflected XSS.This issue affects Display Post Meta: from n/a through <= 2.4.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JamRizzi Technologies Rizzi Guestbook rizzi-guestbook allows Reflected XSS.This issue affects Rizzi Guestbook: from n/a through <= 4.0.1.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected XSS.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: from n/a through 1.0.3.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dang Ngoc Binh Zalo Live Chat zalo-live-chat allows Reflected XSS.This issue affects Zalo Live Chat: from n/a through <= 1.1.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohitashv Singhal Contact Us By Lord Linus contact-us-by-lord-linus allows Reflected XSS.This issue affects Contact Us By Lord Linus: from n/a through <= 2.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through <= 1.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim seekXL Snapr seekxl-snapr allows Reflected XSS.This issue affects seekXL Snapr: from n/a through <= 2.0.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through <= 2.7.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in accreteinfosolution Appointment Buddy Widget appointment-buddy-online-appointment-booking-by-accrete allows Cross-Site Scripting (XSS).This issue affects Appointment Buddy Widget: from n/a through <= 1.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senktec Implied Cookie Consent implied-cookie-consent allows Reflected XSS.This issue affects Implied Cookie Consent: from n/a through <= 1.3.
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys theasys allows Stored XSS.This issue affects Theasys: from n/a through <= 1.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUPress gnupress allows Reflected XSS.This issue affects GNUPress: from n/a through <= 0.2.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 Support: from n/a through <= 2.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez wpdoodlez allows Stored XSS.This issue affects WP doodlez: from n/a through <= 1.0.10.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS.This issue affects Theme Demo Bar: from n/a through <= 1.6.3.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through <= 1.5.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS.This issue affects Dreamstime Stock Photos: from n/a through <= 4.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yendif Player Another Events Calendar another-events-calendar allows Reflected XSS.This issue affects Another Events Calendar: from n/a through <= 1.7.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max K UTM tags tracking for Contact Form 7 cf7-utm-tracking allows Reflected XSS.This issue affects UTM tags tracking for Contact Form 7: from n/a through <= 2.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno "Aesqe" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Picture Gallery picture-gallery allows Reflected XSS.This issue affects Picture Gallery: from n/a through <= 1.6.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce allows Reflected XSS.This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through <= 2.6.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n/a through <= 1.4.23.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages simple-membership-custom-messages allows Reflected XSS.This issue affects Simple Membership Custom Messages: from n/a through <= 2.4.