4 matches found
WordPress Favorites plugin < 2.3.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Thanh Hang in WordPress Plugin Favorites versions 2.3.5...
CVE-2025-1452 Favorites < 2.3.5 - Admin+ Stored XSS
The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2022-24820 · Sftpgo · Sftpgo
Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.3.5. Description: SFTPGo is an SFTP server written in Go. The SFTPGo WebClient is subject to Cross-site scripting (XSS) vulnerabilities, allowing remote attackers to inject malicious code. This issue is patched in...
DEBIAN-CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...