6 matches found
CVE-2026-9731
The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...
EUVD-2026-42173
The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-9731 Wp Js Detect <= 1.0.9 - Cross-Site Request Forgery to Plugin Settings Update
The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...
Xibo 跨站脚本漏洞
Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting in the notification text, which could allow authorized users to automatically...
GHSA-H7G4-65MF-6MXH Cross-site Scripting in Graylog Server
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
LimeSurvey 跨站脚本漏洞
LimeSurvey formerly known as PHPSurveyor is an open source online survey program from the Limesurvey team that supports survey program development, survey posting, and data collection. A cross-site scripting vulnerability exists in LimeSurvey 4.2.5 that originates in the text boxes of the...