129 matches found
CVE-2025-24214
CVE-2025-24214: A privacy issue where text-field contents were logged; fixed in visionOS 2.4, iOS 18.4/iPadOS 18.4, tvOS 18.4, and macOS Sequoia 15.4. The CVSS details indicate a LOCAL attack with LOW complexity and USER INTERACTION required, and the impact is confidentiality loss. The issue coul...
CVE-2025-24214
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data...
CVE-2024-38503 Apache Syncope: HTML tags can be injected into Console or Enduser text fields
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to...
Apache Syncope Input Validation Error Vulnerability
Apache Syncope is an open source digital identity management system from the Apache Foundation (United States) for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from an input validation error vulnerability that c...
GHSA-6HH6-59J2-QRXW Silverstripe History XSS Vulnerability
A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...
PT-2024-22442 · Unknown · Campcodes Online Marriage Registration System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Marriage Registration System version 1.0. Description: The issue allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. This is a Cross Site Scripting vulnerability...
CVE-2024-23242
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data...
PT-2024-19737 · Apple · Macos Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4; iOS versions prior to 17.4; iPadOS versions prior to 17.4. Description: A privacy issue was addressed by not logging contents of text fields, which could allow an app to view Mail data. Recommendations: For...
PT-2024-15058 · WordPress · Advanced Custom Fields Pro
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields (ACF) plugin for WordPress versions up to, and including, 6.2.4. Description: The issue is related to Stored Cross-Site Scripting via a custom text field due to insufficient input sanitization and output escaping. This...
CVE-2023-42874
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard...
Design/Logic Flaw
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard...
CVE-2023-42874
CVE-2023-42874 (Apple macOS Sonoma 14.2) is due to an issue where secure text fields could be displayed via the Accessibility Keyboard when using a physical keyboard. The root cause is reported as improved state management. Exploitation details are not provided in the documents. Impact is that se...
PT-2023-28624 · Apple · Macos Sonoma +1
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.2. Description: This issue was addressed with improved state management. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. Recommendations: For macOS Sonoma...
Apple macOS Sonoma Security Vulnerability
Apple macOS Sonoma is a desktop operating system by Apple Inc. A security vulnerability exists in Apple macOS Sonoma version 14.2, which can be exploited to display secure text fields via a secondary keyboard when using a physical keyboard...
PrestaShop Cross-Site Scripting Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. A security vulnerability exists in PrestaShop Opart opartmultihtmlblock version 2.0.1...
CVE-2023-41066
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields...
Authentication flaw
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields...