156 matches found
WordPress Plugin Mosaic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-4288
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2024-0896
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2024-0871
The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'flbuilderdatanodepreviewlink' and 'flbuilderdatasettingslinktarget' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This...
CVE-2024-21497
Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability,...
CVE-2023-49864
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLimage parameter...
WordPress Plugin Ad Inserter Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-42426
Cross-site scripting XSS vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...
CVE-2023-3025
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
NeoMind Fusion Platform 跨站脚本漏洞
NeoMind Fusion Platform is an Artificial Intelligence AI solution designed to provide intelligent diagnosis, treatment, and assisted decision support in the healthcare field. A cross-site scripting vulnerability exists in NeoMind Fusion Platform, which stems from the parameter link in the file...
GHSA-JVJX-QQH7-6X6C thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting XSS because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12...
Django AJAX Utilities 跨站脚本漏洞
Django AJAX Utilities are some of Mobile Vikings individual developer's utilities that make paging and tabbing easier. A cross-site scripting vulnerability exists in Django AJAX Utilities 1.2.1 and earlier versions, which stems from a security issue in the function Pagination in the file...
youngcart5 跨站脚本漏洞
youngcart5 is an open source shopping center program from kagla open source. A cross-site scripting vulnerability exists in versions prior to youngcart5 5.4.5.1, which stems from incorrect manipulation of the parameter melink leading to cross-site scripting...
PT-2022-11744 · Unknown · Gnuboard Youngcart5
Name of the Vulnerable Software and Affected Versions: gnuboard youngcart5 versions up to 5.4.5.1 Description: A vulnerability has been found in gnuboard youngcart5, where the manipulation of the argument me link in the file adm/menu list update.php leads to cross site scripting. This issue can b...
Buffer overflow
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service...
CVE-2022-26529 Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service...
CVE-2022-26529
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service...
CVE-2022-2367
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...
CVE-2022-2367
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...
Design/Logic Flaw
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...