Lucene search
K

4 matches found

OSV
OSV
added 2022/05/30 9:15 a.m.6 views

CVE-2022-1566

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...

4.8CVSS5.8AI score0.0064EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/05/30 12:0 a.m.5 views

PT-2022-13965 · WordPress · Quotes Llama Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Quotes llama WordPress plugin versions prior to 1.0.0 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed. This can be achieved by exploiting the...

4.8CVSS4.7AI score0.0064EPSS
Exploits2References4
Snyk
Snyk
added 2020/12/11 5:44 p.m.4 views

Command Injection

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. The sanitizeShellString function does not sanitize quotation marks, which could be leveraged by an attacker to execute arbitrary commands. PoC const si ...

8.8CVSS7.2AI score0.02712EPSS
Exploits0References2
Node.js
Node.js
added 2018/04/20 9:52 p.m.64 views

Failure to sanitize quotes which can lead to sql injection

Overview All versions of squel are vulnerable to sql injection. The squel package does not properly escape user provided input when provided using the setFields method. This could lead to sql injection if the query was then executed. Proof of concept demonstrating the injection of a single quote...

7.1AI score
Exploits0Affected Software1
Rows per page
Query Builder