1285 matches found
GHSA-9J9H-CPGC-8356 phpMyAdmin vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...
GHSA-5P69-RMX8-7GW7 phpMyAdmin Multiple XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an...
GHSA-JQMR-WQGP-8MH2 phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled...
CVE-2020-2163
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...
Out-of-bounds read when opening multiple column families with TTL
Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl with a pointer to a single integer TTL value, but one TTL value for each column family is expected. This is only relevant when using rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl with multiple column...
WordPress plugin Admin Word Count Column arbitrary file reading vulnerability
WordPress is a blogging platform developed using the PHP language. A WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. An arbitrary file reading vulnerability exists in the WordPress plugin Admin Word Count Column 2.2 and earlier versions, which...
Cross-site Scripting (XSS)
element-plus is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the popperContent parameter in the renderContent function, allowing an attacker to inject and execute malicious JavaScript via el-table-column...
GHSA-RJVG-8V36-XV9R element-plus vulnerable to cross-site scripting (XSS) via el-table-column
element-plus below 2.0.5 is vulnerable to Cross Site Scripting (XSS) when attribute show-tooltips-overflow of el-table-column is true. The mouseover action will make the text of this column render as HTML...
CVE-2022-1390
CVE-2022-1390 affects the WordPress plugin Admin Word Count Column (versions
CVE-2022-1390 Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a...
CVE-2022-27103
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column...
CVE-2022-27103
CVE-2022-27103 affects element-plus 2.0.5, with a Cross Site Scripting (XSS) flaw exposed through el-table-column. The root cause described in the included records is inadequate sanitization/filtering of el-table-column content, allowing injected script execution. Multiple sources (CNNVD citing l...
WordPress plugin Admin Word Count Column path traversal vulnerability
WordPress is a blogging platform developed using the PHP language. A WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. An arbitrary file reading vulnerability exists in the WordPress plugin Admin Word Count Column 2.2 and earlier versions, which...