3 matches found
CVE-2026-7457
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
CVE-2026-40901
DataEase (open-source data visualization platform) versions 2.10.20 and earlier ship a legacy velocity-1.7.jar that pulls in commons-collections-3.2.1.jar, which contains the InvokerTransformer gadget chain. Quartz 2.3.2 is bundled and deserializes JOB_DATA blobs from qrtz_job_details via ObjectInputStream wit...
CVE-2022-50951
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...