#xss

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser.

AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.

WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.

Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions.