WordPress Modern Events Calendar Lite Plugin Cross-Site Scripting Vulnerability (CNVD-2022-08292)

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Modern Events Calendar Lite plugin in versions prior to 6.2.0 suffers from a cross-site scripting...

Pimcore 跨站脚本漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications.Pimcore has cross-site scripting...

pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07504)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore has a cross-site scripting...

Pimcore 跨站脚本漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore 10.2.7 before the existence of...

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress WP Booking System plugin has a cross-site scripting vulnerability in versions prior to 2.0.15...

WordPress plugin ACF Photo Gallery Field跨站脚本漏洞

WordPress plugin is an open source application plugin for WordPress. The WordPress ACF Photo Gallery Field plugin suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability ...

Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service

The plugin autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog PoC 1 Create a popup as admin and access the popup page as unauthenticated 2 Send data on the form and interce...

FlashGet Buffer Overflow (CVE-2020-28967)

A buffer overflow vulnerability exists in the FlashGet download manager. The vulnerability is due to lack of proper validation of user data in 'current path directory' function...

Jenkins Badge Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...

Jenkins Matrix Project Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . A cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin in version 1.19 and earlier, which stems...

IBM Security Verify Access Cross-Site Scripting Vulnerability

IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...

WordPress 10Web Social Photo Feed Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress 10Web Social Photo Feed Plugin has a cross-site scripting vulnerability in versions prior to 1.4.29, which stems...

Teedy Cross-Site Scripting Vulnerability

Teedy is a French open source, lightweight document management system for individuals and businesses. Teedy suffers from a cross-site scripting vulnerability in versions v1.5 through v1.9 that stems from a lack of checksum filtering of user-supplied data and output. An attacker can exploit this...

WordPress Contact Form Entries Plugin Security Vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Contact Form Entries Plugin has a cross-site scripting vulnerability in versions prior to 1.2.4, which stems from...

CVE-2021-34943

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVE-2021-34985

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

CVE-2021-34938

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVE-2021-34901

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVE-2021-34887

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVE-2021-34889

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...