CVE-2024-23995

Cross Site Scripting XSS in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container...

CVE-2023-6987

The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVE-2023-47520

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Michael Uno miunosoft Responsive Column Widgets plugin = 1.2.7 versions...

CVE-2023-41651

Missing Authorization vulnerability in Multi-column Tag Map.This issue affects Multi-column Tag Map: from n/a through 17.0.26...

CVE-2023-36311

There is a SQL injection SQLi vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0...

CVE-2023-37304

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...

CVE-2023-32578

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Twinpictures Column-Matic plugin = 1.3.3 versions...

CVE-2023-5708

The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-23815

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Alan Jackson Multi-column Tag Map plugin = 17.0.24 versions...

CVE-2023-45762

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Michael Uno miunosoft Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7...

CVE-2022-27103

element-plus 2.0.5 is vulnerable to Cross Site Scripting XSS via el-table-column...

CVE-2022-1390

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a...

CVE-2021-24365

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of...

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

CVE-2020-25449

Cross Site Scripting XSS vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column...

CVE-2020-24617

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped...

CVE-2020-2266

Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

Heap Buffer Overflow in the DrainCol Destructor

An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector. The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor. When removing the first column from...

RUSTSEC-2025-0062 Heap Buffer Overflow in the DrainCol Destructor

An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector. The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor. When removing the first column from...

CVE-2025-46491

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matthew Muro Multi-Column Taxonomy List multi-column-taxonomy-list allows Stored XSS.This issue affects Multi-Column Taxonomy List: from n/a through = 1.5...