7 matches found
PT-2025-44354
Name of the Vulnerable Software and Affected Versions Drupal JSON Field versions prior to 1.5 Description A flaw exists in Drupal JSON Field that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. Successful exploitation could...
SUSE CVE-2025-54463
Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body...
WordPress plugin SKT Blocks – Gutenberg based Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin SKT Blocks - Gutenbe...
WordPress Community Events plugin < 1.5 - Event Deletion via CSRF vulnerability
Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Community Events versions 1.5...
PT-2022-24371 · Thematosoup · The Fancier Author Box
Name of the Vulnerable Software and Affected Versions: The Fancier Author Box by ThematoSoup WordPress plugin versions prior to 1.5 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html...
CVE-2021-21535
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system...
Dell Hybrid Client 信息泄露漏洞
DELL Dell Hybrid Client is a software application from Dell USA Inc. It provides a client computing software with hybrid cloud management capabilities. An information disclosure vulnerability exists in Dell Hybrid Client versions prior to 1.5, which can be exploited by a local, unauthenticated...