29 matches found
CVE-2025-67984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
CVE-2025-67984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
CVE-2025-67984
CVE-2025-67984 is a DOM-based XSS vulnerability in the WordPress plugin NPS computy (nps-computy) , affecting versions up through and including 2.8.2 . The connected Red Hat and CVE entries confirm the flaw is an input handling/neutralization issue during web page generation that enables cross-si...
CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin NPS computy versions = 2.8.2...
CVE-2024-1754
The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1755
The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-11807
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11807
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11807 NPS computy <= 2.8.0 - Reflected Cross-Site Scripting
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11807 NPS computy <= 2.8.0 - Reflected Cross-Site Scripting
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11807
CVE-2024-11807 – NPS computy (WordPress) vulnerability : The WordPress NPS computy plugin is affected by a Reflected Cross-Site Scripting flaw via the data1 and data2 parameters in all versions up to and including 2.8.0, caused by insufficient input sanitization and output escaping. The issue per...
WordPress plugin NPS computy 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress NPS computy plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin NPS computy versions = 2.8.0...
WordPress NPS computy plugin < 2.7.6 - Results Deletion via CSRF vulnerability
Results Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin NPS computy versions 2.7.6...
WordPress NPS computy plugin < 2.7.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin NPS computy versions 2.7.6...
CVE-2024-1755
The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-1754 NPS computy <= 2.7.5 - Admin+ Stored XSS
The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1754 NPS computy <= 2.7.5 - Admin+ Stored XSS
The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...