Cross-Site Scripting

Cross-Site Scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. This can lead to session hijacking, credential theft, and phishing attacks.

Total CVEs: 110

Typical Severity: MEDIUM

Category: General

Understanding Cross-Site Scripting

Detailed information about this vulnerability type.

How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Cross-Site Scripting CVEs (110)

Description | Vendor / Product | Exploit Status

CVE-2025-67978 (7.1)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, which can lead to unauthorized actions or data theft. It affects versions of the FixBD Educare software up to and including 1.6.1, and requires the attacker to trick users into clicking on a specially crafted link.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2025-67972 (7.1)

This vulnerability allows an attacker to inject malicious scripts into web pages, which can then execute in the browsers of users visiting the affected site, potentially stealing sensitive information like cookies or login credentials. It affects versions of the Prague plugin up to 2.2.8, and the attack can occur simply by tricking users into clicking on a specially crafted link.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2025-67971 (7.1)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially stealing sensitive information like login credentials. It affects versions of FluentCart before 1.3.0 and requires the attacker to trick users into clicking on a specially crafted link.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2025-67438 (6.1)

An attacker can execute harmful JavaScript in a victim's browser by uploading a specially crafted SVG file, which can steal sensitive information like session cookies. This requires the attacker to be logged in to the Sync-in Server, making it a threat primarily to authenticated users.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2025-60183 (0.0)

This vulnerability allows an attacker to inject malicious scripts into the Silencesoft RSS Reader, which can then be stored and executed whenever users access the affected content. To exploit this, the attacker needs to have the ability to submit content that gets displayed to other users, making it a risk primarily in environments where untrusted users can post RSS feeds.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2025-53237 (7.1)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially stealing sensitive information like login credentials. It affects versions of the WP Wizard Cloak plugin up to 1.0.1, and the attack can happen simply by tricking users into clicking on a specially crafted link.

Unknown
Exploit Available
about 2 months ago (Feb 20, 2026)

CVE-2025-53233 (7.1)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially stealing sensitive information like cookies or login credentials. It affects specific versions of the RylanH Storyform software, and the attacker needs to trick a user into clicking a specially crafted link to exploit it.

Unknown
Exploit Available
about 2 months ago (Feb 20, 2026)

CVE-2025-53231 (7.1)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially stealing sensitive information or taking control of their accounts. It affects versions of the Easy Taxonomy Images plugin up to 1.0.1, and requires the attacker to have access to a system where they can input data that gets stored and displayed on the website.

Unknown
Exploit Available
about 2 months ago (Feb 20, 2026)

CVE-2025-53228 (7.1)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially stealing sensitive information like cookies or login credentials. It affects versions of the bbpress Simple Advert Units plugin up to 0.41 and requires the attacker to trick users into clicking on a specially crafted link.

Unknown
Exploit Available
about 2 months ago (Feb 20, 2026)

CVE-2024-56208 (0.0)

This vulnerability allows an attacker to inject malicious scripts into the NewsMash application, which can then be executed in the browsers of users who view affected pages. It can be exploited if the attacker can submit content that gets stored and displayed without proper checks, affecting versions up to 1.0.71.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2024-52387 (0.0)

This vulnerability allows an attacker to inject malicious scripts into web pages, which can then be stored and executed whenever users visit those pages, potentially stealing sensitive information or hijacking user sessions. It affects specific versions of the Master Addons for Elementor plugin, and the issue arises when user input is not properly sanitized before being displayed on the website.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2024-51915 (6.5)

This vulnerability allows an attacker to inject malicious scripts into web pages that are served to users, potentially stealing sensitive information or performing actions on behalf of those users. It affects specific versions of the LiteSpeed Cache software, and the attacker needs to have the ability to submit content that gets stored and displayed on the website.

Unknown
Exploit Available
about 2 months ago (Feb 20, 2026)

CVE-2024-50555 (0.0)

This vulnerability allows an attacker to inject malicious scripts into a website built with Elementor, which can then be executed in the browsers of users visiting the site. For this to happen, the attacker must have access to a way to input data into the website, such as through a comment or form submission.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2024-50452 (6.5)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their accounts. It affects specific versions of the Nexter Blocks plugin, and the issue arises when user input is not properly handled during page generation.

Unknown
Theoretical
about 2 months ago (Feb 20, 2026)

CVE-2025-8303 (6.5)

This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially stealing sensitive information or hijacking user sessions. It affects a specific version of the Real Estate Script and requires the attacker to find a way to input harmful code into the system, which could be done through forms or other input fields.

Unknown
Exploit Available
about 2 months ago (Feb 17, 2026)

CVE-2026-2101 (8.7)

An attacker can run malicious scripts in a user's web browser session, potentially stealing sensitive information or hijacking the session. This vulnerability affects specific versions of ENOVIAvpm Web Access and requires the user to click on a specially crafted link sent by the attacker.

Unknown
Exploit Available
about 2 months ago (Feb 16, 2026)

CVE-2026-26930 (7.2)

This vulnerability allows an attacker to inject malicious scripts into the SmarterMail application through MAPI requests, which can lead to unauthorized actions or data theft when users interact with their email. To exploit this, the attacker needs to trick users into clicking on a specially crafted link or opening a compromised email.

Unknown
Exploit Available
about 2 months ago (Feb 16, 2026)

CVE-2025-59905 (4.8)

This vulnerability allows an attacker to inject harmful scripts that can run in a victim's browser when they visit a specific web page. For this to work, the attacker needs to trick the victim into clicking a link that includes the malicious code in the URL.

Unknown
Theoretical
about 2 months ago (Feb 16, 2026)

CVE-2025-59904 (5.1)

This vulnerability allows an attacker to inject malicious scripts that can run automatically whenever users access a specific part of the Kubysoft application. It can be exploited through various input fields, meaning that if an attacker can submit data to the application, they can potentially compromise other users' sessions.

Unknown
Theoretical
about 2 months ago (Feb 16, 2026)

CVE-2025-59903 (5.1)

An attacker can upload a malicious SVG image that contains harmful scripts, which are then stored on the server and executed whenever any user views that image. This vulnerability occurs because the system fails to properly clean or check the SVG files before saving them.

Unknown
Theoretical
about 2 months ago (Feb 16, 2026)
Showing 41 to 60 of 110 results