7 matches found
CVE-2024-9236 Team Members Showcase < 4.4.2 - Editor+ Stored XSS
The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2023-14618 · Algoo · Algoo Tracim
Name of the Vulnerable Software and Affected Versions: Algoo Tracim versions prior to 4.4.2 Description: The issue allows for XSS via HTML file upload. Recommendations: For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue...
SUSE CVE-2007-6532
Double free vulnerability in the Widget Library libxfcegui4 in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."...
SUSE CVE-2017-5361
Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...
Atlassian FishEye and Crucible Cross-Site Scripting Vulnerabilities
Atlassian FishEye and Crucible are both products of the Australian company Atlassian. FishEye is a suite of software for deep viewing of source code repositories, and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the administration user deletion resource ...
CVE-2017-14587
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter...
CVE-2017-14588
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter...