23 matches found
CVE-2022-42100
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...
EUVD-2022-38858
Malicious code in bioql PyPI...
EUVD-2022-45186
Malicious code in bioql PyPI...
CVE-2022-36136
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment...
PT-2024-18831 · WordPress · The Events Manager
Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.1. Description: The issue is related to Stored Cross-Site Scripting via the physical location value due to insufficient input...
PYSEC-2024-18
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
whoogle-search Code Issue Vulnerability
whoogle-search is a software application: a self-hosted, ad-free, privacy-respecting meta-search engine. A code issue vulnerability exists in versions prior to whoogle-search 0.8.4 that stems from a window endpoint that does not clean up user-supplied input from the location variable and passes it t...
PT-2024-19273 · Unknown · Whoogle Search
Name of the Vulnerable Software and Affected Versions: Whoogle Search versions 0.8.3 and prior. Description: Whoogle Search is a self-hosted metasearch engine. The window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method, which sends a GET...
CVE-2022-42100
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...
CVE-2022-42100
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...
Cross site scripting
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...
Cross site scripting
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...
CVE-2022-42100
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...
CVE-2022-42100
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...
CVE-2022-36136
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment...
CVE-2022-42100
CVE-2022-42100 affects KLiK SocialMediaWebsite version 1.0.1. The RedHat/EUVD/CNVD/etc. entries confirm a cross-site scripting (XSS) vulnerability in the reply-form where user-supplied data in the location input can be stored and rendered, due to insufficient input filtering/escaping. The issue i...
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...