127 matches found
CVE-2024-34398
The CVE-2024-34398 entry concerns BMC Remedy Mid Tier 7.6.04 where the web application is vulnerable to stored HTML injection. The vulnerability is triggered by authenticated remote attackers and has a CVSS v3.1 base score of 4.2 (Medium). The underlying impact is limited to confidentiality and i...
BMC Remedy Mid Tier 安全漏洞
BMC Remedy Mid Tier is an application from BMC USA, Inc. It is used to act as a client for the Remedy AR System server and a server for the browser. A security vulnerability exists in BMC Remedy Mid Tier version 7.6.04 that originates from allowing an authenticated, remote attacker to perform...
GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...
CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
CVE-2024-55059
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...
CVE-2024-55059
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...
CVE-2024-55059
CVE-2024-55059 concerns HTML injection in the PHPGurukul Online Birth Certificate System v1.0, triggered by input submitted to /user/certificate-form.php. Connected sources consistently describe the vulnerability as arising from insufficient filtering/escaping of user data, allowing injection of ...
CVE-2024-9174
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...
CVE-2024-9174 Stored HTML Injection in Hubshare social module
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...
CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...
CVE-2023-6046
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-6046
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...
Design/Logic Flaw
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-6046 EventON < 2.2 - Admin+ Stored HTML Injection
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-6046 EventON < 2.2 - Admin+ Stored HTML Injection
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-6046
The CVE-2023-6046 entry describes a vulnerability in the EventON WordPress plugin prior to version 2.2. The issue is caused by insufficient sanitization and escaping of certain settings, enabling stored HTML injection by high-privilege users (e.g., admins) even when unfiltered_html is disallowed....
PT-2024-14861 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.2 Description: The issue allows high privilege users, such as admin, to perform Stored HTML Injection attacks even when the unfiltered html capability is disallowed, due to the plugin not sanitizin...
WordPress plugin EventON security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
EventON < 2.2 - Admin + Stored HTML Injection
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed. 1. Go to the Virtual Event - This is a virtual online event. 2. Configure...