362 matches found
CVE-2024-6948
A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possib...
CVE-2024-6948
CVE-2024-6948 affects Gargaj wuhu Slide Editor, specifically the /slideeditor.php file. The vulnerability stems from manipulating the newSlideFile argument, causing unrestricted upload, which can be exploited remotely. Several connected sources confirm the issue but do not provide concrete produc...
CVE-2024-6948 Gargaj wuhu Slide Editor slideeditor.php unrestricted upload
A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possib...
CVE-2024-6948 Gargaj wuhu Slide Editor slideeditor.php unrestricted upload
A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possib...
PT-2024-37987 · Gargaj · Gargaj
Name of the Vulnerable Software and Affected Versions: Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120 Description: A critical vulnerability has been found in the Slide Editor component of the affected software, specifically in the /slideeditor.php file. The issue arises from the...
GHSA-9MVJ-F7W8-PVH2 Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...
GHSA-VC8W-JR9V-VJ7F Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE ha...
CVE-2024-6484
...
WordPress plugin Slider by 10Web Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...
CVE-2023-6382
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass' attribute. This mak...
PT-2024-14942 · WordPress · The Master Slider
Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue arises from insufficient input sanitization and output escaping on the user-supplied css class attribute in the...
CVE-2024-5418
CVE-2024-5418 : The DethemeKit For Elementor WordPress plugin has a Stored Cross-Site Scripting (XSS) flaw in the De Product Tab & Slide widget via the slitems attribute. The issue affects all versions up to 2.1.4 due to insufficient input sanitization and output escaping for user-supplied attrib...
PT-2024-31214 · WordPress · The Master Slider
Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms slide info' shortcode due to insufficient input...
PT-2024-32315 · WordPress · Testimonial Carousel For Elementor
Name of the Vulnerable Software and Affected Versions: Testimonial Carousel For Elementor plugin for WordPress versions up to, and including, 10.1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticat...
CVE-2024-3703
The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-22206 · WordPress · The Shopkeeper Extender
Name of the Vulnerable Software and Affected Versions: The Shopkeeper Extender plugin for WordPress versions up to, and including, 3.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'image slide' shortcode, allowi...
CVE-2024-1449
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...