
18 matches found

Patchstack
added 2026/03/19 10:20 p.m. · 2 views

WordPress Draft List plugin <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter vulnerability discovered by WordFence in WordPress Plugin Draft List versions <= 2.6.2...

CVSS 6.4 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2026/01/07 12:16 p.m. · 1 view

CVE-2025-14891

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · EPSS 0.00302
Exploits: 0 · References: 4

OSV
added 2025/12/02 12:37 a.m. · 3 views

GHSA-RMW5-F87R-W988 Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`

Summary: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `/admin/accounts/groups/Grupo` endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the `data[readableName]` parameter. The injected scripts are stored on the server and...

CVSS 6.2 · AI score 5.4 · EPSS 0.00024
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-3436

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.3 · EPSS 0.40822
Exploits: 1 · References: 4

CNNVD
added 2025/08/28 12:0 a.m. · 2 views

COMFAST CF-N1 Security Vulnerability

COMFAST CF-N1 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-N1 version 2.6.0, which originates from a command injection due to incorrect operation of the parameter interface/displayname in the file /usr/bin/webmgnt...

CVSS 8.8 · AI score 6.8 · EPSS 0.00846
Exploits: 1 · References: 5

RedhatCVE
added 2025/05/23 8:54 a.m. · 1 view

CVE-2024-4892

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayname’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissio...

CVSS 6.4 · AI score 6 · EPSS 0.00535
Exploits: 0 · References: 1

Patchstack
added 2025/02/10 10:39 p.m. · 2 views

WordPress GeoDirectory plugin <= 2.8.97 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display_name Parameter vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via Display_name Parameter vulnerability discovered by Tim Coen in WordPress Plugin GeoDirectory versions <= 2.8.97...

CVSS 6.4 · AI score 5.8 · EPSS 0.00129
Exploits: 0 · References: 1 · Affected Software: 1

Github Security Blog
added 2024/12/06 12:31 a.m. · 13 views

LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter...

CVSS 5.4 · AI score 5.5 · EPSS 0.40822
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/12/05 10:15 p.m. · 6 views

CVE-2024-53457

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter...

CVSS 5.4 · AI score 5.4
Exploits: 0 · References: 1

CVE
added 2024/12/05 12:0 a.m. · 62 views

CVE-2024-53457

CVE-2024-53457 details a stored XSS in LibreNMS (Device Settings, Display Name) for versions 24.9.0–24.10.0. The underlying issue enables arbitrary web scripts/HTML execution via crafted payloads. Public sources corroborate the affected product and version range and identify the remediation: upgr...

CVSS 5.4 · AI score 5.6 · EPSS 0.40822
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/12/05 12:0 a.m. · 1 view

LibreNMS Security Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A security vulnerability exists in LibreNMS versions v24.9.0 through v24.10.0. An...

CVSS 5.4 · AI score 6.4 · EPSS 0.40822
Exploits: 1 · References: 1

CNNVD
added 2024/03/13 12:0 a.m. · 1 view

WordPress Plugin Simple Membership Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.1 · AI score 5.8 · EPSS 0.03287
Exploits: 0 · References: 11

Positive Technologies
added 2024/03/13 12:0 a.m. · 1 view

PT-2024-18473 · WordPress · Simple Membership

Name of the Vulnerable Software and Affected Versions: Simple Membership plugin for WordPress versions up to, and including, 4.4.2 Description: The issue is related to Stored Cross-Site Scripting via the Display Name parameter due to insufficient input sanitization and output escaping. This allow...

CVSS 6.1 · AI score 6.4 · EPSS 0.03287
Exploits: 0 · References: 14

OSV
added 2021/01/29 7:15 p.m. · 0 views

CVE-2020-24666

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...

CVSS 5.4 · AI score 6 · EPSS 0.00203
Exploits: 0 · References: 2

Prion
added 2021/01/29 7:15 p.m. · 15 views

Cross site scripting

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...

CVSS 3.5 · AI score 5.6 · EPSS 0.00203
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2020/10/01 2:15 p.m. · 2 views

CVE-2020-25990

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2

OSV
added 2018/12/06 11:29 p.m. · 1 view

CVE-2018-19927

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zFormsavechanges sipnick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases...

CVSS 4.8 · AI score 5.8
Exploits: 0 · References: 1

Packet Storm
added 2010/07/26 12:0 a.m. · 25 views

WhiteBoard 0.1.30 Blind SQL Injection

WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities. Name: WhiteBoard · Vendor: http://sarosoftware.com · Versions Affected: 0.1.30 · Author: Salvatore Fresta aka Drosophila · Website: http://www.salvatorefresta.net · Contact: salvatorefresta at gmail dot com · Date: 2010-07-24. X. INDEX I. ABOUT THE...

AI score 0.4
Exploits: 0