# Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting# Date: 03-10-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/# Vendor Homepage: https://kivicare.io/# Version: 3.2.0# Tested on: Windows, Linux# CVE: CVE-2023-2624# Product DescriptionKiviCare is the most affordable self-hosted clinic and patient management system based on the WordPress platform. Set up your online clinic in no time.
Tittle:WordPress Plugin Tablesome < 1.0.9 - Reflected XSSReferences:CVE-2023-1890Author:Taurus Omar Description:The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site ScriptingAffects Plugins:Tablesome - Fixed in version 1.0.9Proof of Concept:Make a logged in admin open one of the URL below when the feature/tracking notice has
# Exploit Title: Reflected Cross Site Scripting- Google Dork:- Date: 27.04.2023- Exploit Author: Lucas Noki (0xPrototype)- Vendor Homepage: https://github.com/vogtmh- Software Link: https://github.com/vogtmh/cmaps- Version: 8.0- Tested on: Mac, Windows, Linux- CVE : CVE-2023-29808 Description: The vulnerability found is Reflected Cross Site Scripting. When the `/index.php?map=overview&findme=` endpoint is hit with a request where the "findme" parameter contains a malicious
Digital Subscription & Customer Support darkreading.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from darkreading.com Daily Mail and Mail on Sunday newspapers.