WordPress Redux Framework <=4.2.11 - Information Disclosure
WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...
CVE-2025-41026
Reflected Cross-Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL in the 'site' parameter in 'applogin.php'...
Textpattern 4.9.0 Cross Site Scripting
Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...
EUVD-2014-9010
Malware in sbrugna...
EUVD-2022-51837
Malicious code in bioql PyPI...
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2025-1834)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-46117
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=viewproduct=...
VulnCheck KEV: CVE-2022-0653
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto...
Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg_Template_Library_&_Redux_Framework
cve-2021-38314 - Unauthenticated Sensitive Information Disclos...
Jenkins SiteMonitor Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...
Cross site scripting
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...
getsimplecms Cross-Site Scripting Vulnerability
getsimplecms is a content management system for individual developers. A cross-site scripting vulnerability exists in getsimplecms, which stems from an XSS vulnerability in the siteURL parameter of the /admin/settings.php page...
jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages...
WordPress nd-booking Plugin Unauthorized Operation Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-booking is an online reservation management plugin used in it. A security vulnerability exists in WordPress nd-booking plugin befor...
PT-2019-11778 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.191 and earlier; Jenkins LTS versions 2.176.2 and earlier. Description: A stored cross-site scripting issue allows attackers with Overall/Administer permission to inject arbitrary HTML and JavaScript in update center web page...
DiliCMS Cross-Site Scripting Vulnerability (CNVD-2019-07939)
DiliCMS is a content management system (CMS) based on CodeIgniter. A cross-site scripting vulnerability exists in the site URL text box in DiliCMS version 2.4.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2017-7783
If a long user name is used in a username/password combination in a site URL such as " http://UserName:[email protected]", the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox 55...
ZZCMS 'siteurl' parameter PHP code injection vulnerability
ZZCMS is a CMS (Content Management System) used to quickly build merchant-type websites. A security vulnerability exists in ZZCMS version 8.2. The vulnerability can be exploited to inject PHP code by sending the 'siteurl' parameter to the install/index.php file...
CVE-2014-8492
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) sitename, (2) message, or (3) siteurl parameter...