35 matches found
CVE-2019-25656 R i386 3.5.0 Local Buffer Overflow SEH
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
CVE-2018-25253 Termite 3.4 Denial of Service via Settings Buffer Overflow
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...
EUVD-2025-10644
Malicious code in bioql PyPI...
CVE-2025-31382
Cross-Site Request Forgery CSRF vulnerability in theode Language Field language-field allows Stored XSS.This issue affects Language Field: from n/a through = 0.9...
CVE-2025-31382
Cross-Site Request Forgery CSRF vulnerability in theode Language Field language-field allows Stored XSS.This issue affects Language Field: from n/a through = 0.9...
CVE-2025-31382 WordPress Language Field plugin <= 0.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in theode Language Field allows Stored XSS. This issue affects Language Field: from n/a through 0.9...
CVE-2025-31382
CVE-2025-31382 affects the Language Field plugin for WordPress. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Stored Cross-Site Scripting (XSS). The provided metrics show a CVSS v3.1 base score of 7.1 (HIGH) with network attack vector, low attack complexity, and ...
PT-2025-15740 · Unknown · Theode Language Field
Name of the Vulnerable Software and Affected Versions: theode Language Field versions n/a through 0.9 Description: A Cross-Site Request Forgery CSRF issue in theode Language Field allows for Stored XSS. Recommendations: For versions n/a through 0.9, consider disabling the Language Field...
WordPress plugin Language Field 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Modoboa Cross-Site Scripting Vulnerability
modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site scripting vulnerability in the language field of the configuration file...
DOM Cross Side Scripting
Description Hello team, Recently i found that, DOM XSS on profile language field there is a DOM XSS Proof of Concept Video poc: https://screencast-o-matic.com/watch/c01067VBWlV Step: 1. Login as simple user 2. Click on settings and select profile tab. 3. Click on change language as 'english' and...
SUSE CVE-2022-24710
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...
Weblate Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Weblate, a Copyleft web-based free software continuous localization system, which stems from the failure of versions prior to 4.11 to properly neutralize user input used in the username and language fields. As a result of this improper neutralization...
PYSEC-2022-35
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...
Weblate 跨站脚本漏洞
A cross-site scripting vulnerability exists in Weblate, a Copyleft web-based free software continuous localization system, which stems from the failure of versions prior to 4.11 to properly neutralize user input used in the username and language fields. As a result of this improper neutralization...