16 matches found
CVE-2025-13889
The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode parameter in all versions up to, and including, 0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-203014
The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode parameter in all versions up to, and including, 0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13889
The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode parameter in all versions up to, and including, 0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13889 Simple Nivo Slider <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode parameter in all versions up to, and including, 0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13889 Simple Nivo Slider <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode parameter in all versions up to, and including, 0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13889
CVE-2025-13889 : The Simple Nivo Slider WordPress plugin is vulnerable to a stored XSS via the shortcodes’ id parameter in all versions up to 0.5.6 due to insufficient input sanitization and output escaping. The issue requires authentication: attackers with Contributor-level access or higher can ...
WordPress plugin Simple Nivo Slider 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site scripti...
WordPress Simple Nivo Slider plugin <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Nivo Slider versions = 0.5.6...
EUVD-2014-8575
Malware in sbrugna...
Joomla ARI Image Slider 2.2.0 Cross Site Request Forgery / Shell Upload
Exploit Title : Joomla ARI Image Slider 2.2.0 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 27/03/2019 Vendor Homepage : ari-soft.com Software Download Link : ari-soft.com/Joomla-Components/ARI-Image-Slider/Detailed-product-flyer.html Softwar...
CVE-2014-8744
Cross-site scripting XSS vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title...
Cross site scripting
Cross-site scripting XSS vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title...
CVE-2014-8744
Affected software: Drupal Nivo Slider module, version 7.x-2.x prior to 7.x-1.11. Vulnerable component: the image title handling in the Nivo Slider module allows cross-site scripting. Root cause: insufficient sanitization of image titles permits injection of arbitrary script/HTML by remote authent...
CVE-2014-8744
Cross-site scripting XSS vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title...
Drupal Nivo Slider Module模块跨站脚本漏洞
Bugtraq ID:66327 Drupal是一套开放源码的内容管理平台。 Drupal Nivo Slider模块没有正确过滤图像标题数据,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 Drupal Nivo Slider Module 7.x Drupal Nivo Slider Module 7.x-1.11已经修复该漏洞,建议用户下载更新: http://drupal.org/project/nivoslider...
SA-CONTRIB-2014-033 - Nivo Slider - Cross Site Scripting
Nivo Slider provides a way to showcase featured content. Nivo Slider gives administrators a simple method of adding slides to the slideshow, an administration interface to configure slideshow settings, and simple slider positioning using the Drupal block system. The module doesn't sufficiently...