#xss

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.

An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.

Preventative security should be driven by data and risk assessment, not compliance.

A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.