34 matches found
WordPress Plugin WP Quick FrontEnd Editor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Plugin WP Quick FrontEnd Editor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-12474 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to, and including, 5.5 Description: The issue arises from insufficient input sanitization and output escaping on the save content front function, which uses print r on user-supplied $...
PT-2023-12482 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5 Description: The issue is due to the lack of a security nonce and a capabilities check, allowing low-authenticated attackers to change plugin settings without prop...
WordPress Plugin WP Quick FrontEnd Editor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module
A Cross-site scripting XSS vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Frontend Editor CKEditor Web before 5.0.46 from Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the 1 name, or 2 namespace...
Liferay Portal 跨站脚本漏洞
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...
PT-2022-26261 · Cksource +1 · Ckeditor +2
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.14 Liferay DXP versions 7.3 before update 6 Liferay DXP versions 7.4 before update 15 Description: A Cross-site scripting XSS issue exists due to the integration of the Frontend Editor module with...
CVE-2022-42116
CVE-2022-42116 is an XSS vulnerability in Liferay Portal/Liferay DXP where the Frontend Editor module’s CKEditor integration accepts user-controlled input via the name or namespace parameters. Affected versions include Liferay Portal 7.3.2 through 7.4.3.14 and Liferay DXP 7.3 before update 6 and ...
brat-frontend-editor (>=0.0.19 <=0.3.42), frontend-editor (>=0.0.1 <=0.0.5) +3 more potentially affected by CVE-2021-20086 via jquery-bbq (>=0.0.1 <=1.0.0)
jquery-bbq NPM version =0.0.1, =0.0.19, =0.0.1, =0.0.1, =2.1.3, =2.2.3-a Source cves: CVE-2021-20086 Source advisory: OSV:GHSA-7W8J-85WM-6XFQ...
WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Content Injection vulnerability
Authenticated Content Injection vulnerability found by Jerome Bruandet in WordPress WP Quick FrontEnd Editor plugin versions = 5.5. Solution 2021-01-18 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of October 23, 2020 and is...
WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Settings Change and Stored Cross-Site Scripting XSS vulnerability found by Jerome Bruandet NinTechNet in WordPress WP Quick FrontEnd Editor plugin versions = 5.5. Solution 2021-01-18 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin...
Buddyforms < 2.2.8 - SQL Injection
The Contact – Registration – Post Form Builder & FrontEnd Editor BuddyForms – Making WordPress Forms A Breeze WordPress plugin was affected by a SQL Injection security vulnerability...