4 matches found
CVE-2025-8767
The CVE-2025-8767 entry concerns the WordPress plugin AnWP Football Leagues. Affected versions are up to and including 0.16.17, with CSV injection in the functions download_csv_players and download_csv_games. Exploitation requires authenticated access at Administrator level or higher. An attacker...
CVE-2025-1677
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4. A denial of service could occur upon injecting oversized payloads into CI pipeline exports...
PT-2024-27648 · Envato · Envato Template Kit
Name of the Vulnerable Software and Affected Versions: Envato Template Kit – Export versions 1.0.0 through 1.0.22. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
UBUNTU-CVE-2018-19799
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS...