377 matches found
CVE-2024-44725
AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php...
AutoCMS security vulnerability
AutoCMS is a content management system (CMS) from AutoCMS Open Source. It can help dealerships manage their website content, online advertising, social media and analytics. AutoCMS version 5.4 suffers from a SQL injection vulnerability that originates from the lack of validation of externally enter...
CVE-2024-44725
AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php...
CVE-2024-44725
AutoCMS v5.4 is affected by a SQL injection in the sidebar parameter of /admin/robot.php. This CVE (CVE-2024-44725) is documented with a high impact (C/H I/H A/H) and CVSS v3.1 score of 7.2. Root cause: lack of input validation in the sidebar parameter leading to SQL statement manipulation. Explo...
CVE-2024-5226 Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level...
WordPress Fuse Social Floating Sidebar plugin <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Fuse Social Floating Sidebar versions <= 5.4.10...
WordPress plugin Fuse Social Floating Sidebar security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
BIT-MEDIAWIKI-2024-40600
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
CVE-2024-40600
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
CVE-2024-40605
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
CVE-2024-40605
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
PT-2024-28938 · Mediawiki · Mediawiki
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.42.1. Description: An issue was discovered in the Tempo skin for MediaWiki. There is stored XSS via MediaWiki:Sidebar top-level menu entries. Recommendations: For versions through 1.42.1, consider disabling the Tem...
CVE-2024-40600
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
PT-2024-28941 · Mediawiki · Mediawiki
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.42.1 and earlier. Description: An issue was discovered in the Foreground skin for MediaWiki. There is stored XSS via MediaWiki:Sidebar top-level menu entries. Recommendations: For MediaWiki versions 1.42.1 and earlier,...
WordPress plugin Easy Social Like Box - Popup - Sidebar Widget Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Easy Social Like Box plugin <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Easy Social Like Box – Popup – Sidebar Widget versions <= 4.0...
WordPress Easy Social Like Box – Popup – Sidebar Widget Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Social Like Box – Popup – Sidebar Widget; Type: Plugin; Vulnerable versions: <= 4.0; Fixed in: 4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5224; Patch priority: Low; CVSS severity: Low (6.5); PSID: 595d5823e3e8; Credit...
BIT-MEDIAWIKI-2021-45473
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar)...
BIT-DISCOURSE-2023-36818
Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit 52b003d915. Users are advised to upgrade. There are no known workarounds for this vulnerability...
Hubbub Lite < 1.32.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). As admin, enable the 'Floating Sidebar...