151 matches found
CVE-2025-10036 Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Admin+) SQL Injection
The Featured Image from URL FIFU plugin for WordPress is vulnerable to SQL Injection via the getallurls function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-10036
The FIFU (Featured Image from URL) WordPress plugin is affected by an authenticated SQL Injection vulnerability in get_all_urls() for versions up to and including 5.2.7. An Administrator+ attacker can inject additional SQL into existing queries to exfiltrate data. Patch information from connected...
Cross-Site Scripting (XSS)
org.apache.jspwiki, jspwiki-main is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of crafted requests using the Image plugin, which allows an attacker to execute JavaScript in the victim's browser and obtain sensitive information...
Apache JSPWiki Image plugin cross-site scripting vulnerability
Apache JSPWiki is the United States Apache Apache Foundation of a Java, Servlet and JSP-based open source WikiWiki engine to build . A cross-site scripting vulnerability exists in the Apache JSPWiki Image plugin, which can be exploited by an attacker to execute javascript in the victim's browser...
Cross-site Scripting (XSS)
Overview org.apache.jspwiki:jspwiki-main is a main release jar for Apache JSPWiki engine. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Image plugin. An attacker can execute arbitrary JavaScript in a victim's browser and access sensitive information by...
GHSA-72WW-4RCW-MC62 Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
CVE-2025-24854
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
CVE-2025-24854
CVE-2025-24854 affects Apache JSPWiki’s Image plugin. A crafted request triggers a cross-site scripting (XSS) vulnerability that could allow JavaScript execution in the victim’s browser and potentially expose sensitive information. Affected component: JSPWiki Image plugin (version prior to 2.12.3...
CVE-2025-24854 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
CVE-2025-24854 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
Apache JSPWiki 安全漏洞
Apache JSPWiki is the United States Apache Apache Foundation of a Java, Servlet and JSP-based open source WikiWiki engine to build . A cross-site scripting vulnerability exists in the Apache JSPWiki Image plugin, which can be exploited by an attacker to execute javascript in the victim's browser...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16730)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
CVE-2025-7322
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7298
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7268
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7233
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in th...
IrfanView CADImage Plugin 缓冲区错误漏洞
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...
IrfanView CADImage Plugin 缓冲区错误漏洞
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
IrfanView CADImage Plugin 缓冲区错误漏洞
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...