6 matches found
CVE-2026-28561
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...
PT-2026-22482
Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a stored cross-site scripting issue. This allows administrators to inject persistent JavaScript through forum description fields. The injected script executes when any user views th...
CVE-2020-13487
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...
CVE-2020-13487
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...
CVE-2020-13487
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...
SA-CORE-2012-002 - Drupal core multiple vulnerabilities
Denial of Service CVE: CVE-2012-1588 Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted...