CVE-2022-35174

A stored cross-site scripting XSS vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field...

EUVD-2014-2765

Malware in sbrugna...

CVE-2025-48080

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.7.0.2...

CVE-2025-48080

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.7.0.2...

CVE-2020-11862

Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2...

OpenText NetIQ Privileged Account Manager Security Vulnerability

OpenText NetIQ Privileged Account Manager is a customer management software from OpenText Canada. A security vulnerability exists in OpenText NetIQ Privileged Account Manager prior to version 3.7.0.2, which arises from an unrestricted allocation of resources in the application...

CVE-2022-35174

A stored cross-site scripting XSS vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field...

Kirby 跨站脚本漏洞

Kirby is a file-based content management system CMS. A cross-site scripting vulnerability exists in Kirby Starterkit version v3.7.0.2. An attacker can execute arbitrary web script or HTML via a specially crafted payload injected into the Tags field...

WordPress Plugins TaxoPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2014-2737

SQL injection vulnerability in the getactivesession function in the KTAPIUserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function...

Sql injection

SQL injection vulnerability in the getactivesession function in the KTAPIUserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function...

KnowledgeTree 3.x - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/51373/info KnowledgeTree is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...