3946 matches found
Textpattern CMS < 4.8.2 XSS Vulnerability
Textpattern CMS is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Textpattern Cross-Site Scripting Vulnerability
Textpattern is a free open-source content management system based on PHP and MySQL. version 4.8.1 of Textpattern contains a cross-site scripting vulnerability. An attacker can use this vulnerability to conduct cross-site scripting attacks via the "Custom" field in the "Menu Preferences" feature...
Side Menu Lite < 2.2.6 - Authenticated SQL Injection
The plugin does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to an SQL Injection issue POST /wp-admin/admin.php?page=side-menu-lite&tab=list HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8...
CVE-2020-23234
Cross Site Scripting XSS vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...
CVE-2020-23234
Cross Site Scripting XSS vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...
CVE-2020-23239
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
CVE-2020-23239
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
Cross site scripting
Cross Site Scripting XSS vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...
Cross site scripting
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
CVE-2020-23239
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
CVE-2020-23239
CVE-2020-23239 affects Textpattern CMS 4.8.1, with a cross-site scripting (XSS) flaw in the Menu Preferences Custom field. The vulnerability is described as enabling XSS via the Custom field in Menu Preferences. A related open-source/vuln source notes a vulnerability class for Textpattern CMS
CVE-2020-23234
Cross Site Scripting XSS vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...
CVE-2020-23234
CVE-2020-23234 affects LavaLite CMS 5.8.0 (Menu Blocks feature) with a Cross-Site Scripting (XSS) vulnerability that can be bypassed using HTML event handlers such as ontoggle. The available connected sources confirm the product, version, and the XSS in this component, along with the described by...
Textpattern CMS跨站脚本漏洞
Textpattern is a free open-source content management system based on PHP and MySQL. version 4.8.1 of Textpattern contains a cross-site scripting vulnerability. An attacker can use this vulnerability to conduct cross-site scripting attacks via the "Custom" field in the "Menu Preferences" feature...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
Cross site scripting
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
CVE-2020-25444
CVE-2020-25444 affects Booking Core – Ultimate Booking System (Booking Core) version 1.7.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via multiple input points: the My Profile page’s About Yourself section, Hotel Details’ Hotel Policy field, Manage Tour’s Pricing code and...
OPENSUSE-SU-2021:1043-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3546: Fix out-of-bounds write in virglcmdgetcapset bsc1185981 - CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device bsc1186010 - CVE-2021-3545: Fix information disclosure due to uninitialized...