Zlrqh

**Name of the Vulnerable Software and Affected Versions** Studio Hyperset The Great Firewords of China versions n/a through 1.2 **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions n/a through 1.2, consider disabling any features that allow user input to be directly reflected in web pages until a proper fix is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using user-supplied input in API endpoints, such as `/api/user/profile`, until the issue is resolved. As a temporary workaround, consider implementing additional validation and sanitization for all user input to prevent malicious scripts from being injected.

**Name of the Vulnerable Software and Affected Versions** NotFound WP Azure offload versions n/a through 2.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions n/a through 2.0, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Já-Já Pagamentos for WooCommerce versions 1.3.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or data theft. **Recommendations** For Já-Já Pagamentos for WooCommerce versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DsgnWrks Twitter Importer versions 1.1.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. **Recommendations** For versions 1.1.4 and earlier, update to a version that fixes this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Login Watchdog versions 1.0.4 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious scripts in the application, potentially affecting users who access the compromised page. **Recommendations** For versions 1.0.4 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** Callum Richards Admin Menu Organizer versions n/a through 1.0.1 **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means an attacker can inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions n/a through 1.0.1, update to a version later than 1.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the Admin Menu Organizer until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Kurt Payne Upload Scanner versions n/a through 1.2 **Description** The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions. **Recommendations** For Kurt Payne Upload Scanner versions n/a through 1.2, update to a version later than 1.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 3D Avatar User Profile versions n/a through 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user. Recommendations: For versions n/a through 1.0.0, update to a version that fixes the improper neutralization of input during web page generation to prevent reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UNIVERSAM (affected versions not specified) Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Damir Calusic WP users media versions 4.2.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. This can lead to unauthorized access. **Recommendations** For Damir Calusic WP users media versions 4.2.3 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LeanPress versions prior to 1.0.0 **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Reflected XSS. **Recommendations** For versions prior to 1.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Visser Labs Jigoshop – Store Exporter versions 1.5.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For Visser Labs Jigoshop – Store Exporter versions 1.5.8 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** drop in image slideshow gallery versions prior to 12.0 **Description** The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting (XSS). This means that an attacker could potentially inject malicious scripts into the webpage, affecting the Document Object Model (DOM) and thus impacting the website's functionality and user experience. **Recommendations** For versions prior to 12.0, consider disabling the dynamic generation of web pages or restricting user input to minimize the risk of exploitation until a patch is available. Restrict access to sensitive parts of the gallery to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ancient World Linked Data versions 0.2.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that the software does not properly neutralize user input, which can lead to the execution of malicious scripts in the browser. Recommendations: For Ancient World Linked Data versions 0.2.1 and earlier, update to a version that fixes this issue, if available. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Stylish Internal Links versions n/a through 1.9 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), allowing DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into the website, affecting the user's session. **Recommendations** For versions n/a through 1.9, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent DOM-Based XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Responsive Video versions 1.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into the website, affecting users' sessions. **Recommendations** For WP Responsive Video versions 1.0 and earlier, update to a version that fixes the DOM-Based XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visser Labs Jigoshop – Store Toolkit versions 1.4.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. **Recommendations** For Visser Labs Jigoshop – Store Toolkit versions 1.4.0 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.