SOUND4多款产品 操作系统命令注入漏洞

SOUND4 IMPACT and others are products of SOUND4, a French company.SOUND4 IMPACT is a professional broadcast audio processor.SOUND4 FIRST is a broadcast audio processor.SOUND4 PULSE is an audio processor. An operating system command injection vulnerability exists in several SOUND4 products that...

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the shortcode...