CVE-2020-36172
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS...
CVE-2020-36172
The CVE-2020-36172 entry concerns the WordPress plugin Advanced Custom Fields. Concrete details from connected sources show that the plugin (versions before 5.8.12) mishandles escaping of strings in Select2 dropdowns, which can lead to Cross-Site Scripting (XSS). There is no explicit exploit path...
WordPress Advanced Custom Fields plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Advanced Custom Fields plugin before 5.8.12, which...
Advanced Custom Fields < 5.8.12 - Cross-Site Scripting in Select2 dropdowns
The plugin did not correctly escape input from Select2 dropdowns, which could lead to Cross-Site Scripting issues...
CVE-2020-35349
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page)...
Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting; Date: 2020-09-02; Exploit Author: Dhruv Patel (dhruvp111296); Vendor Homepage: https://savsoftquiz.com/; Software Link: https://github.com/savsofts/savsoftquizv5.git; Version: 5.0; Tested on: Windows 10; Attack vector: This...
Endless Group: CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure
Hello theendlessweb team, Summary: the Jira instance on jira.theendlessweb.com is vulnerable to CVE-2020-14179 which allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability F1029731 Steps To Reproduce: Navigate to...
CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and...
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
Summary: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. Affected versions: version 8.5.8 8.6....
Savsoft Quiz 5 - Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting; Date: 2020-07-09; Exploit Author: Ogulcan Unveren (th3d1gger); Vendor Homepage: https://savsoftquiz.com/; Software Link: https://github.com/savsofts/savsoftquizv5.git; Version: 5.0; Tested on: Kali Linux; ---Vulnerable Source Code---- functio...
WordPress Advanced Custom Fields plugin <= 5.8.11 - Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting (XSS) vulnerability was found in WordPress Advanced Custom Fields plugin versions <= 5.8.11. Solution: update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.8.12)...
CVE-2013-4241
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) dateformat...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) dateformat...
CVE-2019-16695
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...
CVE-2019-16693
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
CVE-2019-16692
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used...