A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component Ab
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creat
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization an
A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to
The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output es
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2025.2 due to insufficient inpu
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldna
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents/
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to in
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidat
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG ed
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsa
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Co
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value