11 matches found
CVE-2024-12566
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2019-12566
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user...
CVE-2024-12566
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-12566
creationtimestamp| type| source ---|---|--- 2025-01-13 06:05:09+00:00| seen| https://infosec.exchange/users/cve/statuses/113819537157281010 2025-01-13 06:06:01+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/1353 2025-01-13 06:10:26+00:00| seen|...
CVE-2024-12566 Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
MediaWiki <= 1.32.1 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-12566
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user...
CVE-2019-12566
The CVE-2019-12566 entry concerns the WordPress WP Statistics plugin (versions up to 12.6.5). The vulnerability is an authenticated stored cross-site scripting (XSS) flaw in includes/class-wp-statistics-pages.php, exploitable when an Editor creates a post whose title contains JavaScript, with the...
openSUSE Security Update : ImageMagick (openSUSE-2018-230)
This update for ImageMagick fixes the following issues : - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion bsc1042911 - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0581-1)
This update for ImageMagick fixes the following issues : - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion bsc1042911 - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of...
CVE-2020-12566
This CVE entry is rejected and not used; it does not represent an active vulnerability.