S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.