5 matches found
CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action
The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...
DEBIAN-CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
Highlightjs Security Vulnerability
Highlightjs is a syntax highlighting tool written in JavaScript by the Highlightjs team. It is available on both browsers and servers, does not depend on any framework, and has automatic language detection. A security vulnerability exists in Highlightjs version 9.18.2 and versions prior to 10.1.2...
Drupal Taxonews Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Taxonews is one of the modules that generates blocks containing titles for nodes in the taxonomy vocabulary by matching conditions. A cross-site scripting vulnerability exists in the...
CVE-2009-0502
CVE-2009-0502 is a cross-site scripting (XSS) vulnerability in Snoopy 1.2.3 used by Moodle, exploitable when viewing an HTML block via the Moodle "Login as" flow to MyMoodle or Blog pages. Affects Moodle releases prior to 1.6.9, 1.7 prior to 1.7.7, 1.8 prior to 1.8.8, and 1.9 prior to 1.9.4. The ...