27 matches found
CVE-2023-2433
The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...
CVE-2023-2433
The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...
PT-2023-19525 · WordPress · Yarpp
Name of the Vulnerable Software and Affected Versions: YARPP plugin for WordPress versions up to, and including, 5.30.3 Description: The issue arises from insufficient input sanitization and output escaping, allowing contributor-level attackers to inject arbitrary web scripts via the className...
WordPress Plugin YARPP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Student Attendance Management System Cross-Site Scripting Vulnerability
Student Attendance Management System is a student attendance management system. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the className parameter of the createClass.php file, which can be exploited to cause cross-site scripting attacks...
Symantec Data Center Security Server 'WCUnsupportedClass.jsp' XSS
The remote Symantec Data Center Security Server running on the remote host is affected by a reflected cross-site scripting vulnerability due to improper validation of input to the 'classname' parameter in the 'WCUnsupportedClass.jsp' script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Design/Logic Flaw
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service application crash via a long string in 1 the domain parameter to the dgettext function, the message parameter to the 2 dcgettext or 3 gettext function, the msgid1 parameter to the 4 dngettext or 5 ngettext...