377 matches found
CVE-2022-1717
The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2022-1717
The CVE-2022-1717 entry affects the WordPress plugin “Custom Share Buttons with Floating Sidebar” (versions before 4.2). The root cause is inadequate sanitisation/escaping of certain settings, enabling Stored XSS when unfiltered_html is disallowed and high-privilege users (e.g., admins) could exp...
CVE-2022-1717 Custom Share Buttons with Floating Sidebar < 4.2 - Admin+ Stored XSS
The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
WordPress plugin Custom Share Buttons with Floating Sidebar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Custom Share Buttons with Floating Sidebar plugin versions prior to 4.2 are vulnerable to a...
CVE-2022-24004
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messengerajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka newtitle) field when editing an existing conversation. The payload executes in the browser...
CVE-2022-30814
elitecms v1.01 is vulnerable to SQL Injection via /admin/addsidebar.php...
CVE-2022-30816
elitecms 1.01 is vulnerable to SQL Injection via /admin/editsidebar.php...
CVE-2022-30815
elitecms 1.01 is vulnerable to SQL Injection via admin/editsidebar.php?page=2&sidebar=...
elitecms SQL injection vulnerability
Elitecms is a web content management system from elitecms India. elitecms version 1.01 is vulnerable to SQL injection, which originates from admin/editsidebar.php?page=2&sidebar=: the page's sidebar parameter lacks validation of externally supplied input in SQL statements, and an attacker could exploit the vulnerabili...
elitecms SQL injection vulnerability
Elitecms is a web content management system by elitecms India. elitecms version 1.01 has a SQL injection vulnerability, which originates from the /admin/editsidebar.php page's page parameter lacking validation of externally supplied input in SQL statements. An attacker can use this vulnerability to execute illegal SQL...
OPENSUSE-SU-2022:0147-1 Security update for opera
This update for opera fixes the following issues: Update to 87.0.4390.25: - CHR-8870 Update chromium on desktop-stable-101-4390 to 101.0.4951.64 - DNA-99209 Enable easy-files-multiupload on all streams - DNA-99325 Use a preference to set number of recent searches and recently closed in unfiltered...
WordPress Custom Share Buttons with Floating Sidebar plugin <= 4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Custom Share Buttons with Floating Sidebar plugin versions <= 4.1. Solution: Update the WordPress Custom Share Buttons with Floating Sidebar plugin to the latest available version (at least 4.2)...
Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...
GHSA-477R-V22Q-R42F Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...
com.cloudbees.jenkins.plugins:additional-identities-plugin (=1.1), com.exxeta.jenkins.plugins:sidebar-update-notification (>=1.0.1 <=1.1.0) +60 more potentially affected by CVE-2013-0330 via org.jenkins-ci.main:jenkins-core (>=1.481 <=1.501)
org.jenkins-ci.main:jenkins-core MAVEN version =1.481, =1.0.1, =1.15, =1.1, =1.0, =1.0.3, =0.2.0, =0.1.0, =1.0.0, =1.0.5, =1.481, =1.501 and more Source cves: CVE-2013-0330 Source advisory: OSV:GHSA-25C5-58XW-HW5Q...
WordPress Fuse Social Floating Sidebar plugin <= 5.4.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Fuse Social Floating Sidebar plugin versions <= 5.4.2. Solution: Update the WordPress Fuse Social Floating Sidebar plugin to the latest available version (at least 5.4.3)...
WordPress Blog Sidebar Widget plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Blog Sidebar Widget plugin versions <= 1.0.5. Solution: No patched version available...