145 matches found
PT-2024-39640 · WordPress · Auto Iframe
Name of the Vulnerable Software and Affected Versions: Auto iFrame plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to Stored Cross-Site Scripting via the tag parameter due to insufficient input sanitization and output escaping. This allows authenticated...
WordPress Auto iFrame plugin <= 1.7 - Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter vulnerability discovered by tjoffe in WordPress Plugin Auto iFrame versions <= 1.7...
CVE-2024-44777
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-44777
vTiger CRM 7.4.0 is affected by a reflected XSS in the tag parameter on the index page, enabling an attacker to execute arbitrary code in a user’s browser. The vulnerability is described across multiple sources (RH and NVD/NVD-derived records) with attacker-controlled payloads triggering code exe...
PT-2024-26328 · WordPress · The Ultimate Blocks
Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks – WordPress Blocks Plugin versions up to, and including, 3.1.9 Description: The issue is related to Stored Cross-Site Scripting via the title tag parameter due to insufficient input sanitization and output escaping. This...
PT-2024-32308 · WordPress · The Cowidgets – Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Cowidgets – Elementor Addons plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the heading tag parameter due to insufficient input sanitization and output...
CVE-2024-4624
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaelexttoctitletag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output...
WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter vulnerability discovered by João G. Barbosa 4rCanJ0x! in WordPress Plugin Visual Portfolio, Photo Gallery & Post Grid versions <= 3.3.2...
CVE-2024-1396
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
BEESCMS Cross-Site Scripting Vulnerability
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in BEESCMS version 4.0, which stems from the fact that incorrect manipulation of the parameter tag can lead to cross-site scripting...
Infosoftbd Clcknshop SQL Injection Vulnerability
Infosoftbd Clcknshop is a multi-tenant SaaS-based e-commerce platform from Infosoftbd. Infosoftbd Clcknshop suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter tag can lead to SQL injection...
PT-2023-30297 · Infosoftbd · Clcknshop
Name of the Vulnerable Software and Affected Versions: Infosoftbd Clcknshop version 1.0.0 Description: A critical issue affects the processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the tag argument leads to SQL injection. The attack may be initiat...
FOG Forum 0.8 Cross Site Scripting
Title: FOG Forum v0.8 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor:...
Easy Web Portal 2.1.1 Cross Site Scripting
Title: Easy Web Portal v2.1.1 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit |...
Clip Share 4.1.4 Cross Site Scripting
Title: Clip Share 4.1.4 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.264-bit | Vendor:...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
GHSA-38JC-2RWX-QGXR Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation
Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. Job configurations using Image Tag Parameters that were created before 2.0 will have SSL/TLS certificate validation disabled by default...
CVE-2023-30516
Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...