24 matches found
CVE-2026-32127
CVE-2026-32127 affects OpenEMR before version 8.0.0.1, via a SQL injection in the ajax graphs library caused by insufficient input validation. The vulnerability can be exploited by authenticated attackers and may impact confidentiality, integrity, and availability. The advisory states the issue i...
[20260301] - Core - ACL hardening in com_ajax
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...
CVE-2025-68846
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...
CVE-2025-68846
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...
CVE-2025-68846
CVE-2025-68846 is a Reflected XSS affecting WordPress plugin Asynchronous Javascript (versions 1.3.5 (or later as released). Technical details are supported by connected Red Hat, NVD, CVE, and PatchStack entries indicating an XSS vulnerability in this plugin and the stated affected range; no exp...
CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...
CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...
PT-2026-21108
Name of the Vulnerable Software and Affected Versions Asynchronous Javascript versions n/a through 1.3.5 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting condition. This allows for the executio...
WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Asynchronous Javascript versions = 1.3.5...
PT-2025-46184
Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.13 Combodo iTop versions prior to 3.2.2 Description Combodo iTop, a web-based IT service management tool, is susceptible to cross-site scripting when a dashboard is edited through an AJAX call. This allows fo...
CVE-2020-36854
The CVE-2020-36854 case concerns the WordPress Async JavaScript plugin (versions up to and including 2.19.07.14). The root cause is missing authorization checks on the aj_steps AJAX action and insufficient sanitization of saved settings, enabling an stored XSS for authenticated users with subscri...
Linux Distros Unpatched Vulnerability : CVE-2014-5022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors...
CVE-2022-1906
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled...
WordPress plugin Cost Calculator Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Media Library Folders 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Plugin WooCommerce EAN Payment Gateway Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Prestashop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A security vulnerability exists in Prestashop aioptimizedcombinations versions prior ...
CVE-2022-38254
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...
WordPress plugin Awin Data Feed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Simple Membership 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Simple Membership plugin prior to...