Cross site scripting
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 1.7 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin versions <= 1.7. Solution: Update the WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin to the latest available...
The vulnerability of the strdup function in the box_code_base.c component of the GPAC multimedia platform allows a hacker to cause a service failure.
The vulnerability of the strdup function in the box_code_base.c component of the GPAC multimedia platform is related to incorrect handling of a string that is not terminated with '\x00'. Exploiting this vulnerability allows an attacker to cause service interruptions...
The vulnerability of the afra_box_read function in the MP4Box component of the GPAC multimedia platform allows a hacker to gain access to confidential data.
The vulnerability of the afra_box_read function in the MP4Box component of the GPAC multimedia platform involves the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through a specially created file...
The vulnerability of the Fraction function in the libheif/box.cc component of the HEIF and AVIF encoding/decoding library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Fraction function in the libheif/box.cc component of the HEIF and AVIF encoding/decoding library allows attackers to exploit it remotely. This enables them to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the gf_isom_oinf_read_entry function in the MP4Box component of the GPAC multimedia platform allows a hacker to gain access to confidential data.
The vulnerability of the gf_isom_oinf_read_entry function in the MP4Box component of the GPAC multimedia platform is related to improper memory release before deleting the last reference. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through a specially...
CVE-2022-27441
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...
The vulnerability of the trak_box_size function in the MP4Box command of the GPAC multimedia platform allows a perpetrator to cause a service failure.
The vulnerability of the trak_box_size function in the MP4Box multimedia platform’s command set is related to pointer assignment errors. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...
CVE-2022-25619
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86...
CVE-2022-25620
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to execute arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...
CVE-2022-0641
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0641
The CVE-2022-0641 entry concerns the WordPress plugin Popup Like box (versions before 3.6.1). The issue is a Reflected Cross-Site Scripting vulnerability caused by the ays_fb_tab parameter not being sanitized/escaped before output in an admin page, enabling injected JavaScript if an attacker can ...
CVE-2022-0641 Popup Like box < 3.6.1 - Reflected Cross-Site Scripting
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
WordPress plugin Popup Like box cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box...
CKEditor4 authentication vulnerability
An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...