org.webjars.npm:event-calendar__core (>=3.1.0 <=3.7.1), org.webjars.npm:event-calendar__day-grid (=3.6.2) +1 more potentially affected by unknown CVE via org.webjars.npm:svelte (=4.2.19)

org.webjars.npm:svelte MAVEN version =4.2.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:svelte and may be impacted: - org.webjars.npm:event-calendarcore =3.1.0, =3.1.0, =3.6.2 Source cves: unknown CVE Source advisory:...

CVE-2025-64218

Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through = 4.2.19...

CVE-2025-64218 WordPress Passster plugin <= 4.2.19 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through = 4.2.19...

WordPress plugin WP Chill Passster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress Passster plugin <= 4.2.19 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Passster versions = 4.2.19...

CVE-2025-2789

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletetablerateshippingrow function in all versions up to, and...

CVE-2024-45047

svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situation the final DOM tree...

CVE-2024-45047

CVE-2024-45047 concerns Svelte, a web framework. The vulnerability is described as a mutation-based XSS (mXSS) that can occur due to improper HTML escaping during server-side rendering, specifically when injecting malicious content into an attribute within a noscript tag. Affected versions are up...

PT-2024-31398 · Svelte · Svelte

Name of the Vulnerable Software and Affected Versions: Svelte versions prior to 4.2.19 Description: A potential mXSS vulnerability exists in Svelte due to improper HTML escaping on server-side rendering. The issue arises when the final DOM tree rendered on browsers differs from what Svelte expect...

Svelte 跨站脚本漏洞

Svelte is a new way to build web applications from Svelte Open Source. A cross-site scripting vulnerability exists in Svelte 4.2.19 and earlier versions that stems from improper HTML escaping during server-side rendering, which could lead to a variant cross-site scripting attack, especially when...

[SECURITY] [DLA 2351-1] php-horde-kronolith security update

Debian LTS Advisory DLA-2351-1 [email protected] https://www.debian.org/lts/security/ Mike Gabriel August 29, 2020 https://wiki.debian.org/LTS Package : php-horde-kronolith Version : 4.2.19-1+deb9u2 CVE ID : CVE-2017-16906 Debian Bug : 909737 In Horde Groupware, there has been an XSS...

openSUSE Security Update : tryton (openSUSE-2019-1013)

This update for tryton to version 4.2.19 fixes the following issues : Security issue fixed : - CVE-2018-19443: Fixed an information leakage by attemping to initiate an unencrypted connection, which would fail eventually, but might leak session information of the user boo1117105 This update also...

Fedora 28 : php-horde-nag (2018-8dfeb06ce9)

nag 4.2.19 - mjr SECURITY: Fix multiple XSS vulnerabilities when displaying and filtering task lists. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...

Security update for tryton (moderate)

This update for tryton to version 4.2.19 fixes the following issues boo1107771: Security issue fixed: - CVE-2018-19443: Fixed an information leakage by attemping to initiate an unencrypted connection, which would fail eventually, but might leak session information of the user boo1117105 This upda...

CVE-2018-6013

Cross-site scripting XSS in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...

CVE-2018-6013

CVE-2018-6013 is an XSS vulnerability in BigTree CMS 4.2.19. The issue exists in core/admin/ajax/developer/extensions/file-browser.php, where the directory parameter can be used by remote attackers to inject arbitrary web script or HTML. The description across multiple sources confirms impact is ...

CVE-2018-6013

Cross-site scripting XSS in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...