9 matches found
CVE-2025-11594
The CVE-2025-11594 issue affects ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website (files handling in the Quantity Handler, /index.php). Root cause: insufficient validation of the quantity input, allowing remote manipulation. Exploitation details are publicly disclosed in conn...
CVE-2020-11594
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...
CVE-2018-11594
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c...
CVE-2020-11594
CVE-2020-11594 affects CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can send an API request that triggers a stack error, causing the system to reveal the full file path. This is the explicit impact described across multiple sources. The available documents do not provide a ...
CVE-2019-11594
In AdBlock before 3.45.0, the $rewrite filter option lets filter-list maintainers run arbitrary code in a client-side session when a web service loads a script via XMLHttpRequest or Fetch and the script origin has an open redirect. This vulnerability is scored CVSS v3.0: 8.1 (HIGH) with Network a...
CVE-2018-11594
Espruino CVE-2018-11594 affects Espruino before 1.99. The vulnerability is a Buffer Overflow in jsparse.c during parsing of the string token “VOID,” triggered by a crafted input file, leading to a denial of service (application crash). Affected component: Espruino JavaScript interpreter for micro...
CVE-2017-11594
Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...
CVE-2017-11594
CVE-2017-11594 affects Loomio’s Markdown parser prior to version 1.8.0. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML through non-sanitized Markdown content in new threads or thread comments. The root cause is improper saniti...
CVE-2017-11594
Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...