7 matches found
TOTOLINK EX1200T 安全漏洞
TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK EX1200T version V4.1.2cu.5232B20210713, which stems from the main method failing to properly filter construct command special characters, commands, and so on. An...
CVE-2022-4754 Easy Social Box <= 4.1.2 - Contributor+ Stored XSS via Shortcode
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
PT-2022-17373 · WordPress · Team Wordpress
Name of the Vulnerable Software and Affected Versions: The Team WordPress plugin versions prior to 4.1.2 Description: The issue allows any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is...
Totolink A3600R 缓冲区错误漏洞
TotoLink A3600R is a 6-antenna 1200M wireless router from TotoLink, Taiwan, China.A buffer overflow vulnerability exists in version V4.1.2cu.5182B20201102 of the Totolink A3600R, which stems from a vulnerability in the fread function of infostat.cgi that contains stacker overflow, which can be...
GHSA-3WQF-4X89-9G79 Bootstrap vulnerable to Cross-Site Scripting (XSS)
In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute...
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
AZL-44094 CVE-2018-14042 affecting package python-openstackdocstheme 3.0.0-9
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...