#xss

The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php.

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php.

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.

Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4.

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability.

A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560.