95 matches found
PT-2024-36811 · WordPress · The Prime Slider – Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.14.7 Description: The issue is related to Stored Cross-Site Scripting via the id attribute within the Pacific widget due to insufficient input...
CVE-2024-3053
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminatorform shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...
PT-2024-22866 · WordPress · Sydney Toolbox
Name of the Vulnerable Software and Affected Versions: Sydney Toolbox plugin for WordPress versions up to, and including, 1.26 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of widgets due to insufficient input sanitization and output escaping on user-suppli...
CVE-2023-6884
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'placeid' attribute. This makes it possible for authenticated attackers with...
SUSE CVE-2013-6624
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes...
libxml2: Use-after-free of ID and IDREF attributes
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XMLPARSEDTDVALID option and without the XMLPARSENOENT option, resulting in a use-after-free issue...
libxml2: Use-after-free of ID and IDREF attributes
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XMLPARSEDTDVALID option and without the XMLPARSENOENT option, resulting in a use-after-free issue...
CLSA-2022-1647261060 Fix of CVE: CVE-2022-23308
CVE-2022-23308: fix use-after-free of ID and IDREF attributes...
DEBIAN-CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes...
keycloak: Account REST API can update user metadata attributes
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...
CVE-2017-8812
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject greater than characters via the id attribute of a headline...
CVE-2008-5282
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via 1 a link with a long HREF attribute, and 2 a DIV tag with a long id attribute...
CVE-2008-5282
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via 1 a link with a long HREF attribute, and 2 a DIV tag with a long id attribute...
Spoofing
GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...
CVE-2006-1275
GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...