Lucene search
3948 matches found

CNNVD
added 2023/02/21 12:0 a.m., 4 views

WordPress Plugin Intuitive Custom Post Order Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3 CVSS, 5.1 AI score, 0.00486 EPSS
Exploits: 2, References: 2

CNNVD
added 2023/02/21 12:0 a.m., 2 views

WordPress Plugin Login Logout Menu Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS, 5.4 AI score, 0.00471 EPSS
Exploits: 2, References: 2

Github Security Blog
added 2023/02/18 12:31 a.m., 22 views

Cross-site Scripting in jspreadsheet

The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS)...

6.1 CVSS, 5.8 AI score, 0.00411 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2023/02/17 12:0 a.m., 51 views

CVE-2022-48115

CVE-2022-48115 affects jspreadsheet CE prior to 4.6.0, with a cross-site scripting (XSS) vulnerability in the dropdown/menu code path. Root cause identified as insufficient sanitization/handling in the dropdown implementation, enabling attacker-controlled input to execute scripts in a victim’s br...

6.1 CVSS, 6 AI score, 0.00411 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/02/17 12:0 a.m., 24 views

CVE-2022-48115

The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS)...

6.2 AI score, 0.00411 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2023/02/15 6:21 a.m., 4 views

SUSE CVE-2003-1308

CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename...

4.6 CVSS, 7.7 AI score, 0.01323 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 6:21 a.m., 2 views

SUSE CVE-2004-0078

Buffer overflow in the index menu code menupadstring of menu.c for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages...

7.5 CVSS, 8.1 AI score, 0.05427 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 6:15 a.m., 3 views

SUSE CVE-2006-1999

The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu...

5 CVSS, 6.8 AI score, 0.09147 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 6:13 a.m., 5 views

SUSE CVE-2006-5969

CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308...

4.6 CVSS, 7.7 AI score, 0.00414 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 5:47 a.m., 2 views

SUSE CVE-2012-1966

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL...

4.3 CVSS, 7.9 AI score, 0.02199 EPSS
Exploits: 1, References: 8

SUSE CVE
added 2023/02/15 5:45 a.m., 3 views

SUSE CVE-2012-3984

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling...

6.8 CVSS, 8.9 AI score, 0.02246 EPSS
Exploits: 0, References: 7

SUSE CVE
added 2023/02/15 5:44 a.m., 4 views

SUSE CVE-2012-4515

Use-after-free vulnerability in khtml/rendering/renderreplaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated...

6.8 CVSS, 7.9 AI score, 0.06438 EPSS
Exploits: 6, References: 4

SUSE CVE
added 2023/02/15 5:20 a.m., 3 views

SUSE CVE-2015-2711

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a UR...

4.3 CVSS, 8.5 AI score, 0.01904 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 5:6 a.m., 2 views

SUSE CVE-2016-2228

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to...

6.1 CVSS, 6.1 AI score, 0.01869 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 5:5 a.m., 2 views

SUSE CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...

6.5 CVSS, 6.8 AI score, 0.02034 EPSS
Exploits: 0, References: 10

SUSE CVE
added 2023/02/15 4:11 a.m., 1 views

SUSE CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.3 CVSS, 9.4 AI score, 0.02105 EPSS
Exploits: 1, References: 4

SUSE CVE
added 2023/02/15 3:47 a.m., 2 views

SUSE CVE-2021-20315

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start n...

6.1 CVSS, 6.5 AI score, 0.00193 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 3:24 a.m., 1 views

SUSE CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

10 CVSS, 8.9 AI score, 0.02195 EPSS
Exploits: 0, References: 5

Veracode
added 2023/02/07 10:13 a.m., 16 views

Business Logic Error

froxlor/froxlor is vulnerable to Business Logic Errors. The vulnerability exists in admintemplates.php, which allows a remote attacker to manipulate the Language Dropdown Menu and change it to an arbitrary value...

5.5 CVSS, 5.5 AI score, 0.00562 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2023/02/06 8:15 p.m., 3 views

CVE-2022-4657

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS, 5.8 AI score, 0.00667 EPSS
Exploits: 2, References: 1