69 matches found
SQL Injection
Overview studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to SQL Injection in the elFinderVolumeMySQL process when handling the target parameter. An attacker can access unauthorized data or cause...
CVE-2026-1806
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...
EUVD-2026-13989
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-1806
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...
PT-2026-26816
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcms doc link shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-28415
Gradio prior to 6.6.0 exposes an open redirect in the OAuth flow: _redirect_to_target() accepts an unvalidated _target_url, enabling redirection to arbitrary external URLs via /logout and /login/callback for apps using gr.LoginButton (e.g., Hugging Face Spaces). Starting with 6.6.0, the _target_u...
CVE-2019-25421
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...
CVE-2019-25422
CVE-2019-25422 affects Comodo Dome Firewall 2.7.0 and describes cross-site scripting vulnerabilities in the vpnfw endpoint. The weakness allows attackers to inject scripts via the target parameter (reflected XSS) or the remark parameter (stored XSS), potentially leading to execution of arbitrary ...
CVE-2019-25421
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...
PT-2026-20824
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...
CVE-2011-0908
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526...
CVE-2011-0526
Cross-site scripting XSS vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action...
CVE-2025-13885
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2025-202970
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2025-50828
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2012-1238
Malware in sbrugna...
EUVD-2021-26367
Malware in sbrugna...
EUVD-2008-0221
Malware in sbrugna...
EUVD-2020-4044
Malware in sbrugna...
EUVD-2011-0546
Malware in sbrugna...