3 matches found
Cross-site Scripting (XSS)
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the style function. An attacker can inject arbitrary CSS into the rendered attribute by supplying specially craft...
CVE-2019-16250
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...
PT-2023-32551 · WordPress · Mainwp Dashboard
Name of the Vulnerable Software and Affected Versions: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress versions up to, and including, 4.5.1.2 Description: The issue allows authenticated attackers with administrator-level access to inject arbitrary CSS...