1037 matches found
CVE-2024-24886
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acowebs Product Labels For Woocommerce Sale Badges allows Stored XSS. This issue affects Product Labels For Woocommerce Sale Badges: from n/a through 1.5.3...
CVE-2024-24886 WordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acowebs Product Labels For Woocommerce Sale Badges allows Stored XSS. This issue affects Product Labels For Woocommerce Sale Badges: from n/a through 1.5.3...
CVE-2024-24886
CVE-2024-24886 affects the WordPress plugin Product Labels For Woocommerce (Sale Badges). Connected sources confirm an authenticated Stored XSS via the badgeLabel parameter in versions up to 1.5.3. Patchstack lists the fix in version 1.5.4, with a low CVSS v3.1 score around 5.9, and requires Shop M...
Product Labels For Woocommerce < 1.5.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description: The Product Labels For Woocommerce Sale Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'badgeLabel' parameter in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Plugin Product Labels For Woocommerce Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...
Improper Input Validation
libidn2.so is vulnerable to Improper Input Validation. The vulnerability is due to improper roundtrip checks while converting A-labels to U-labels. This makes it possible for an attacker to impersonate arbitrary domains...
CVE-2023-7068
CVE-2023-7068 affects the WordPress plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels up to version 4.3.0. Root cause: missing capability check on the print_packinglist action, enabling authenticated users with subscriber-level access and above to export orders co...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.3.0 is vulnerable to Broken Access Control
Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels; Type: Plugin; Vulnerable versions: <= 4.3.0; Fixed in: 4.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-7068; Patch priority: Low; CVSS severity: Low 4.3; Developer Claim...
WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
When anonymously accessed, the "Related Labels" section shows labels that are tagged on pages in non-anonymous spaces.
Issue Summary: When anonymously accessed, the "Related Labels" section shows labels that are tagged on pages in non-anonymous spaces. This is reproducible on the Data Center: yes. Pre-condition: 1. Page accessible anonymously has been labelled, e.g. label1 and label2. 2. Page that is not...
GitLab 12.9 < 13.8.7 / 13.9.0 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22199)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. CVE-2021-22199 Note that Nessus has not tested for...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.2.1 is vulnerable to Privilege Escalation
Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels; Type: Plugin; Vulnerable versions: <= 4.2.1; Fixed in: 4.3.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-51546; Patch priority: Medium; CVSS severity: Medium...
Cross Site Scripting (XSS)
com.jfinal:jfinal is vulnerable to Cross-site Scripting (XSS). Lack of proper validation for user input within the library's label management feature exposes a Cross-Site Scripting (XSS) vulnerability which allows an authenticated attacker to inject malicious scripts into labels, which are then...
CVE-2023-48841
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language Labels Export action...
CVE-2023-48835
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language Labels Export action...
Input validation
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language Labels Export action...