gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

GHSA-WV8X-3W6R-6H7V gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

GHSA-RH4R-F7F7-R99M gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

CVE-2024-5818

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-5818 Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-5818

CVE-2024-5818 affects the Royal Elementor Addons and Templates WordPress plugin. It exposes a Stored DOM-based XSS via the Magazine Grid/Slider widget in all versions ≤ 1.3.980 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least C...

WordPress plugin Royal Elementor Addons and Templates 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-33933

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35...

CVE-2024-33933 WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35...

CVE-2024-33933 WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35...

CVE-2024-33933

CVE-2024-33933 concerns the Elementor – Header, Footer & Blocks Template plugin (WordPress) with DOM-based XSS due to improper input neutralization. The CVE entry explicitly states affected software as Elementor – Header, Footer & Blocks Template from n/a through 1.6.35. Red Hat and CVE records r...

PT-2024-25566 · Elementor · Elementor – Header

Name of the Vulnerable Software and Affected Versions: Elementor – Header, Footer & Blocks Template versions 1.6.35 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for DOM-Based XS...

WordPress Premium Addons for Elementor plugin <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.36...

PT-2024-8167 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to a DOM-based Cross-Site Scripting XSS vulnerability. It could be exploited by an attacker to execute arbitrary code in the context of the victim's browse...

WordPress WP Lightbox 2 plugin <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin WP Lightbox 2 versions = 3.0.6.6...

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819

CVE-2024-5819: Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored XSS via HTML data attributes due to insufficient input sanitization and output escaping. Affected versions include up to 3.2.45. Exploitation requires at least Cont...

CVE-2024-6296 Stackable – Page Builder Gutenberg Blocks <= 3.13.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...