2341 matches found
CVE-2022-4834
The CVE-2022-4834 entry concerns the WordPress plugin CPT Bootstrap Carousel (versions up to 1.12). The vulnerability is a Stored Cross-Site Scripting (Stored XSS) flaw where certain shortcode attributes are not validated or escaped before being output, allowing a low-privilege user (Contributor)...
WordPress plugin CPT Bootstrap Carousel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Malicious Package
Overview bootstrap-v5 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview bootstrap-v4 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
WordPress Bootstrap Shortcodes Plugin <= 3.4.0 is vulnerable to Cross Site Scripting (XSS)
Software Bootstrap Shortcodes Type Plugin Vulnerable versions = 3.4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4777 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b9c1c40bdcb0 Credits István Márton...
Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a Contributor+ create a new post and...
Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a Contributor+ create a new post and add...
CVE-2022-4576
The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...
CVE-2022-4576 Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS
The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...
CVE-2022-4576 Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS
The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...
CVE-2022-4576
The CVE-2022-4576 affects the WordPress plugin Easy Bootstrap Shortcode (
WordPress plugin The Easy Bootstrap Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
RHEL 8 : Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) (RHSA-2022:8848)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8848 advisory. Bootstrap style library packaged for setuptools easyinstall / pip. Security Fixes: XSS in the tooltip or popover data-template attribute CVE-2019-833...
CVE-2023-23010
Cross Site Scripting XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and transload parameters in file addproduct.php...
CVE-2023-23010
Cross Site Scripting XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and transload parameters in file addproduct.php...
Cross site scripting
Cross Site Scripting XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and transload parameters in file addproduct.php...
Ecommerce-CodeIgniter-Bootstrap多款产品 跨站脚本漏洞
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in Ecommerce-CodeIgniter-Bootstrap. An attacker exploited the vulnerability to execute arbitrary code via the languages and transload...
CVE-2023-23010
CVE-2023-23010 is reported in Ecommerce-CodeIgniter-Bootstrap as a Cross-Site Scripting (XSS) vulnerability that can allow an attacker to execute arbitrary code via the languages and trans_load parameters in add_product.php, following commit d5904379ca55014c5df34c67deda982c73dc7fe5 (Dec 27, 2022)...
CVE-2023-23010
Cross Site Scripting XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and transload parameters in file addproduct.php...
AZL-12971 CVE-2022-4415 affecting package systemd-bootstrap for versions less than 250.3-12
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suiddumpable kernel setting...