20 matches found
EUVD-2019-7520
Malware in sbrugna...
CVE-2019-17045
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...
CVE-2025-45242
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php...
CVE-2025-31412
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows DOM-Based XSS. This issue affects JetProductGallery: from n/a through <= 2.1.22...
CVE-2025-31412 WordPress JetProductGallery plugin <= 2.1.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows DOM-Based XSS. This issue affects JetProductGallery: from n/a through <= 2.1.22...
CVE-2025-31412 WordPress JetProductGallery plugin <= 2.1.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound JetProductGallery allows DOM-Based XSS. This issue affects JetProductGallery: from n/a through 2.1.22...
WordPress plugin JetProductGallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
WordPress Author Avatars List/Block Plugin <= 2.1.21 is vulnerable to Cross Site Scripting (XSS)
Software: Author Avatars List/Block. Type: Plugin. Vulnerable versions: <= 2.1.21. Fixed in: 2.1.22. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2024-47370. Patch priority: Medium. CVSS severity: Medium (6.5). Developer: Claim ownership. PSID: 7fcface20444. Credits: Hwang Se-yeon. Requir...
PT-2022-24384 · Daikin · Daikin Svmpc1 +1
Name of the Vulnerable Software and Affected Versions: Daikin SVMPC1 versions 2.1.22 and prior; Daikin SVMPC2 versions 1.2.3 and prior. Description: The issue allows attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requirin...
CVE-2019-17046
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page...
CVE-2019-17045
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...
CVE-2019-17046
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page...
CVE-2019-17045
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...
Remote code execution
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page...
Cross site scripting
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...
CVE-2019-17046
CVE-2019-17046 affects Ilch 2.1.22. The vulnerability arises because PHP is listed under “Allowed files” on the index.php/admin/media/settings/index page, enabling remote code execution. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, osv.dev, CVE listings) as a remote code exe...
CVE-2019-17046
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page...
CVE-2019-17045
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...
CVE-2019-17045
The CVE-2019-17045 entry concerns Ilch CMS 2.1.22 with a stored XSS in the Jobs Tab, exploitable via the title, text, or email id fields. Root cause cited by CNVD-2019-42862 is lack of proper validation of client-side data. Consequences include execution of client-side code in authenticated conte...
Elite Bulletin Board 2.1.21 - Multiple SQL Injections
Advisory ID: HTB23133 Product: Elite Bulletin Board Vendor: elite-board.us Vulnerable Versions: 2.1.21 and probably prior Tested Version: 2.1.21 Vendor Notification: November 28, 2012 Vendor Patch: December 6, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: SQL Injection CWE-89 CVE...