30 matches found
CVE-2025-22738
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alimir WP ULike wp-ulike allows Stored XSS. This issue affects WP ULike: from n/a through <= 4.7.6...
CVE-2018-11331
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess...
CVE-2024-12770 WP ULike < 4.7.6 - Admin+ Stored XSS
The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2025-21443 · WordPress · Wp Ulike
Name of the Vulnerable Software and Affected Versions: WP ULike WordPress plugin versions prior to 4.7.6. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed, for...
CVE-2025-22738 WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS. This issue affects WP ULike: from n/a through 4.7.6...
WordPress plugin WP ULike cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
PT-2024-27512 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security (SNS) versions 4.0.0 through 4.3.25; Stormshield Network Security (SNS) versions 4.4.0 through 4.7.5; Stormshield Network Security (SNS) version 4.8.0. Description: An issue was discovered in Stormshield Network Security S...
CVE-2024-37386
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...
PT-2024-23229 · Unknown · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: Bold Page Builder versions through 4.7.6. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
WordPress Bold Page Builder Plugin <= 4.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: Bold Page Builder; Type: Plugin; Vulnerable versions: <= 4.7.6; Fixed in: 4.7.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30179; Patch priority: Low; CVSS severity: Low (6.5); PSID: 767144e6c86c; Credits: LVT-tholv2k; Required privilege...
Code injection
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
CVE-2023-43792 baserCMS Code Injection Vulnerability in Mail Form Feature
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
CVE-2023-43792
CVE-2023-43792 affects baserCMS, with a Code Injection vulnerability in the mail form for versions 4.6.0–4.7.6 caused by inadequate filtering of constructed snippets. The advisory notes no patched versions at publication, but subsequent records indicate fixes: upgrade to baserCMS 4.7.7 (and 4.8.0...
baserCMS code injection vulnerability
baserCMS is an enterprise-level content management system (CMS) from the baserCMS team. A code injection vulnerability exists in baserCMS versions 4.6.0 through 4.7.6, which stems from the application's failure to properly filter special elements of constructed snippets. An attacker can exploit the...
PT-2023-28984 · Basercms · Basercms
Name of the Vulnerable Software and Affected Versions: baserCMS versions 4.6.0 through 4.7.6. Description: The issue is related to a Code Injection vulnerability in the mail form of baserCMS, a website development framework. This vulnerability allows malicious code to be executed in the Mail Form...
PT-2023-20906 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RuoYi versions 4.7.6 and below. Description: An arbitrary file download issue in the background management module allows attackers to download arbitrary files on the server. Recommendations: For versions 4.7.6 and below, update to a version...
08cms (=1.0.0), 101 (>=0.3.0 <=0.7.1) +6018 more potentially affected by CVE-2021-23369 via handlebars (>=1.0.10 <=4.7.6)
handlebars NPM version =1.0.10, =0.3.0, =0.0.1, =0.0.2, =0.0.16, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.0.1, =0.4.0, =3.0.0, =1.0.0, =2.0.2 and more. Source CVEs: CVE-2021-23369. Source advisory: OSV:GHSA-F2JV-R9RF-7988...
SUSE: Security Advisory (SUSE-SU-2018:2081-2)
The remote host is missing an update for the...
Red Hat OpenShift Input Validation Error Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. An input validation error vulnerability exists in multiple Red Hat products. The vulnerability stems from a networked system or produc...
JomSocial, 4.7.6, XSS (Cross Site Scripting)
JomSocial, 4.7.6, XSS (Cross Site Scripting) investigation...