CWE-79

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.

Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.

Cross-site Scripting (XSS) – Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3.