Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions.

**Solution**

 No fix

No patched version is available.

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Vertical Marquee Plugin Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-40677: WordPress Vertical Marquee Plugin plugin <= 7.1 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions.

**Solution**

 No fix

No patched version is provided by the vendor.

László Radnai discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Everest News Pro Theme. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-41235: WordPress Everest News Pro theme <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions.

**Solution**

 Fixed

Update the WordPress Happy Elementor Addons Pro plugin to the latest available version (at least 2.8.1).

Found this useful? Thank Rafie Muhammad (Patchstack) for reporting this vulnerability. Buy a coffee ☕

Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Happy Elementor Addons Pro Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.8.1.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-41236: WordPress Happy Elementor Addons Pro plugin <= 2.8.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.

状态

进行中

待办的

进行中

已完成

已关闭

负责人

未设置

标签

未设置

标签管理

里程碑

未关联

未关联

Pull Requests

未关联

未关联

关联的 Pull Requests 被合并后可能会关闭此 issue

分支

未关联

分支 (9)

标签 (13)

Previous\_Releases\_4.1.3

Previous\_Releases\_4.0.0

developer

multiple\_database

Previous\_Releases\_3.5.1

Previous\_Releases\_3.5.0

Previous\_Releases\_3.0.0

Previous\_Releases\_2.0.0

Previous\_Releases\_1.0.0

Latest\_Stable\_Release\_4.1.3

Latest\_Stable\_Release\_4.1.2

Latest\_Stable\_Release\_4.0.1

Previous\_Releases\_4.0.1

v4.0.0

v3.5.1

Previous\_Releases\_3.5.0

v3.0.1

v2.5.1

v2.1.1

v2.0.2

v2.0.1

v1.0.1

开始日期   -   截止日期

\-

置顶选项

不置顶

置顶等级：高

置顶等级：中

置顶等级：低

优先级

不指定

严重

主要

次要

不重要

CVE-2023-43857: DreamerCMS v4.1.3 has a storage based XSS vulnerability · Issue #I834WV · www.iteachyou.cc/Dreamer CMS（梦想家CMS内容管理系统） - Gitee.com

A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-43331: CVE/CVE-2023-43331 at main · Kartikhunter/CVE

In Apollo  change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.

CVE-2023-30959: Palantir | Trust and Security Portal

Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.

CVE-2023-30961: Palantir | Trust and Security Portal

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.

**Solution**

 Fixed

Update the WordPress Simple Staff List plugin to the latest available version (at least 2.2.4).

Found this useful? Thank Yuki Haruma for reporting this vulnerability. Buy a coffee ☕

Yuki Haruma discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Simple Staff List Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.2.4.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-28790: WordPress Simple Staff List plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.

**Solution**

 Fixed

Update the WordPress RSVPMarker plugin to the latest available version (at least 10.6.7).

Muhammad Arsalan Diponegoro (tripoloski) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress RSVPMarker Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 10.6.7.

**Other vulnerabilities in this plugin**

 0 present

 15 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-27617: WordPress rsvpmaker plugin <= 10.6.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.

Tag

#xss