
Explore Vulnerabilities

Explore all Exploits:

PyroCMS v3.0.1 Stored Cross-Site Scripting

An attacker can exploit the vulnerability in PyroCMS v3.0.1 by injecting a malicious payload into the 'Redirect From' field, triggering a stored cross-site scripting (XSS) attack. This could lead to unauthorized access, data theft, and other malicious activities. No CVE has been assigned yet.

Chyrp 2.5.2 – Stored Cross-Site Scripting (XSS)

Chyrp 2.5.2 is vulnerable to stored cross-site scripting (XSS) due to improper sanitization of user-supplied data. An attacker can inject malicious scripts into the 'Title' field, leading to the execution of arbitrary code in the context of the user's browser. No CVE ID is listed for this vulnerability (CVE-ID: N/A).

WordPress File Upload < 4.23.3 Stored XSS

A Stored Cross-Site Scripting (XSS) vulnerability exists in WordPress File Upload plugin version 4.23.3 and prior. By inserting a malicious shortcode in a post, an attacker can trigger an XSS attack when a file is uploaded, leading to potential script execution in the victim's browser. This vulnerability has been assigned CVE-2023-4811.

WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)

The Alemha Watermarker WordPress Plugin version 1.3.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient sanitization of user-supplied data in the 'watermark_title' field. An attacker can insert malicious scripts in the Watermark Text field, which will execute whenever a user attempts to edit the page.

Blood Bank v1.0 Stored Cross Site Scripting (XSS)

The 'rename', 'remail', 'rphone', and 'rcity' parameters in the 'updateprofile.php' file of Code-Projects Blood Bank V1.0 are vulnerable to Stored Cross-Site Scripting (XSS) due to lack of proper input validation. An attacker can inject malicious scripts into these parameters, and when stored on the server, these scripts may get executed when viewed by other users.

Stored Cross-Site Scripting (XSS) in LimeSurvey Community Edition Version 5.3.32+220817

A critical security vulnerability in LimeSurvey Community Edition Version 5.3.32+220817 allows attackers to compromise the super-admin account through the 'Administrator email address:' field in 'General Setting.' This could result in theft of cookies and session tokens.

WordPress Plugin Playlist for Youtube – Stored Cross-Site Scripting (XSS)

The WordPress Plugin Playlist for Youtube version 1.32 is vulnerable to a stored cross-site scripting (XSS) attack. By injecting a malicious XSS payload into the 'Name' or 'Playlist ID' properties when adding a new playlist, an attacker can execute arbitrary scripts in the context of a user's browser.

Workout Journal App 1.0 – Stored XSS

The Workout Journal App version 1.0 is vulnerable to stored XSS. By registering with malicious XSS payloads in the First and Last name fields during registration, an attacker can execute arbitrary scripts. This vulnerability arises due to lack of data validation, allowing the browser to execute injected code.

Recent Exploits: