1285 matches found
Design/Logic Flaw
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...
CVE-2023-37304
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.39.3 and earlier versions, which stems from a...
CVE-2023-37304
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...
PT-2023-25895 · Mediawiki +1 · Doublewiki Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki DoubleWiki extension versions through 1.39.3 Description: An issue was discovered in the DoubleWiki extension for MediaWiki that allows XSS via the column alignment feature in includes/DoubleWiki.php. Recommendations: For MediaWiki...
CLSA-2023-1685377319 vim: Fix of CVE-2023-2610
CVE-2023-2610: limit the text length to MAXCOL...
WordPress Column-Matic Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Column-Matic; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32578; Patch priority: Low; CVSS severity: Low (6.5); PSID: acd7ffc49511; Credits: Mika; Required privilege...
CVE-2023-2294
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The...
Cross site scripting
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2023-2294 UCMS Column Configuration saddpost.php cross site scripting
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2023-29207
XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...
XWiki Commons Cross-Site Scripting Vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from Livetable Macro not properly cleaning up column names, thus allowing the insertion of raw HTML code including JavaScript...
CVE-2023-23815
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions...
CVE-2023-23815
CVE-2023-23815 affects the WordPress plugin WordPress Multi-column Tag Map (Alan Jackson) versions
CVE-2023-23815 WordPress Multi-column Tag Map Plugin <= 17.0.24 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions...
WordPress plugin Multi-column Tag Map Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CLSA-2023-1679925093 vim: Fix of CVE-2023-1170
CVE-2023-1170: adjust the cursor column if needed...
CLSA-2023-1679924984 vim: Fix of CVE-2023-1170
CVE-2023-1170: adjust the cursor column if needed...
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
A flaw was found in PostgreSQL. This flaw allows an attacker to benefit from a missing escape character and leads to a SQL injection attack due to the Java.sql.ResultRow.refreshRow implementation from PGSQL...
CVE-2023-0064
The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...