21 matches found
CVE-2026-13972 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-13972 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-13972
creationtimestamp| type| source ---|---|--- 2026-07-02 07:47:50+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 07:20:35+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260706...
Linux Distros Unpatched Vulnerability : CVE-2026-13972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium...
CVE-2025-13972
creationtimestamp| type| source ---|---|--- 2025-12-12 08:31:59+00:00| seen| https://gist.github.com/Darkcrai86/2139cf6fe7d6b3ee9ee452be61bfe72e...
WordPress WatchTowerHQ plugin <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability
Authenticated Administrator+ Arbitrary File Read via 'whtdownloadbigobjectorigin' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin WatchTowerHQ versions = 3.15.0...
CVE-2024-13972
A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade...
CVE-2024-13972
creationtimestamp| type| source ---|---|--- 2025-07-17 19:03:40+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114870125851359984 2025-07-18 05:43:48+00:00| seen| https://poliverso.org/objects/0477a01e-b4ff51d2-3ebe177d5dcd7fd6...
CVE-2020-13972
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...
CVE-2019-13972
LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...
CVE-2017-13972
Rejected reason: This candidate is unused by its CNA...
CVE-2018-13972
CVE-2018-13972 is rejected/not used and does not represent an active vulnerability entry.
CVE-2020-13972
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...
CVE-2020-13972
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...
CVE-2020-13972
CVE-2020-13972 in Enghouse Web Chat 6.2.284.34 is an XSS vulnerability triggered when a user supplies their own domain in the WebServiceLocation parameter; the POST response can display external JavaScript from a attacker-controlled server. This entry is tied to CVE-2019-16951, which Red Hat and ...
CVE-2019-13972
LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...
CVE-2019-13972
LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...
CVE-2019-13972
LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...
CVE-2019-13972
LayerBB 1.1.3 contains an XSS vulnerability in the pm_title parameter of application/commands/new.php (CVE-2019-13972). The issue is caused by insufficient input validation, enabling cross-site scripting and potentially exposing client-side data. This CVE is related to CVE-2019-17997. Publicly pr...
WordPress Gwolle Guestbook plugin cross-site scripting vulnerability (CNVD-2018-13972)
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Gwolle Guestbook plugin, which can be exploited by an attacker t...