29 matches found
Astra Linux - vulnerability in mbedtls
In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...
GHSA-X832-FPVJ-R5PH Mustangproject allows exfiltrating files via XXE attacks
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
CVE-2025-66372
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
CVE-2025-66372
Mustangproject
CVE-2025-66372
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
CVE-2024-25129
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...
CVE-2024-32457
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS. This issue affects Elements Plus!: from n/a through 2.16.3...
CVE-2024-50348
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS Cross Site Scripting payload and execute. This vulnerability is fixed in 2.16.3...
CVE-2017-1000122
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products...
CVE-2024-50348 InstantCMS has a Cross Site Scripting Vulnerability
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS Cross Site Scripting payload and execute. This vulnerability is fixed in 2.16.3...
CVE-2024-50348 InstantCMS has a Cross Site Scripting Vulnerability
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS Cross Site Scripting payload and execute. This vulnerability is fixed in 2.16.3...
CVE-2024-50348
CVE-2024-50348 affects InstantCMS. The vulnerability is a Cross-Site Scripting (XSS) flaw in the photo upload function of the photo album page caused by insufficient input validation. This impacts versions prior to 2.16.3 and can enable an attacker to inject and execute script or HTML via crafted...
InstantCMS cross-site scripting vulnerability
InstantCMS is a free and open source CMS. A cross-site scripting vulnerability exists in InstantCMS before version 2.16.3, which stems from the lack of effective filtering and escaping of user-supplied data in the photo upload function of the album page, and can be exploited by an attacker to...
PT-2024-34158 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 2.16.3. Description: The issue is related to a lack of input validation in the photo upload function on the photo album page, allowing attackers to inject and execute Cross Site Scripting (XSS) payloads...
WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.3 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes and extra features for Phlox theme; Type: Plugin; Vulnerable versions: <= 2.16.3; Fixed in: 2.16.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8486; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: b44af62239ce...
PT-2024-39052 · WordPress · Phlox
Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.16.3. Description: The issue is related to Stored Cross-Site Scripting via the url parameter in the Modern Heading and Icon Picker widgets. Thi...
WordPress Plugin Elements Plus! cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... A cross-site...
WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Elements Plus! (versions <= 2.16.3)...
WordPress Elements Plus! Plugin <= 2.16.3 is vulnerable to Cross Site Scripting (XSS)
Software: Elements Plus!; Type: Plugin; Vulnerable versions: <= 2.16.3; Fixed in: 2.16.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32457; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 693915246ad8; Credits: Khalid Yusuf; Required privilege...
WordPress Elements Plus! Plugin <= 2.16.2 is vulnerable to Cross Site Scripting (XSS)
Software: Elements Plus!; Type: Plugin; Vulnerable versions: <= 2.16.2; Fixed in: 2.16.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2335; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: f0c8e35ef5d6; Credits: Francesco Carlucci...