10 matches found
EUVD-2026-16862
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options...
CVE-2026-33311 @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options
DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options backgroundColor, fontFamily, textColor were not XML-escaped before interpolation into SVG...
CVE-2026-33311 @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options
DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options backgroundColor, fontFamily, textColor were not XML-escaped before interpolation into SVG...
PT-2025-33125 · WordPress · Structured Content (Json-Ld) #Wpsc
Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD wpsc WordPress plugin versions prior to 1.7.0 Description: The Structured Content JSON-LD wpsc WordPress plugin does not validate and escape certain block options before displaying them within a page or post,...
CVE-2024-4655
The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin ShopLentor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Popup Maker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins PoC Create a New popup Insert pop-up name, title, and body text. Add a new trigger with...
CVE-2022-41229
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
DEBIAN-CVE-2011-1930
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options...