357 matches found
CVE-2025-31582 WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator allows Stored XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4...
WordPress plugin Contact Form vCard Generator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-14726 · Unknown · Ashish Ajani Contact Form Vcard Generator
Name of the Vulnerable Software and Affected Versions: Ashish Ajani Contact Form vCard Generator versions n/a through 2.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...
PT-2025-31669 · Alpine · Alpine Ilx-507
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected devices. User interaction is required, specifically the target must connect to a malicious Bluetoot...
CVE-2024-45513
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...
PT-2024-31672 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions prior to 10.1.1 Description: A stored Cross-Site Scripting (XSS) issue exists in the "/modern/contacts/print" endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code ...
SourceCodester Contact Manager with Export to VCF cross-site scripting vulnerability
SourceCodester Contact Manager with Export to VCF is an open source contact manager from SourceCodester. A cross-site scripting vulnerability exists in SourceCodester Contact Manager with Export to VCF version 1.0, which stems from the parameter contactname in the file index.html that can lead to...
A vulnerability in NextCloud Server, cloud-based software for creating and using a data storage system, is related to a lack of access control. It allows a malicious individual to modify or delete VCards from the system address book on the NextCloud server.
The vulnerability of the index.php component in the Enterprise Server software package, a cloud-based software for creating and managing data storage in NextCloud Server, is related to inadequate access control mechanisms. Exploiting this vulnerability could allow an attacker to remotely modify o...
WordPress QR code MeCard/vCard generator Plugin <= 1.6.0 is vulnerable to Broken Access Control
Software: QR code MeCard/vCard generator; Type: Plugin; Vulnerable versions: = 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-38477; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9f9bd59f2364; Credits: Abdi Pranata...
Nextcloud access control error vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in NextCloud Server that originates from allowing a malicious server to modify or delete VCard in the source...
SUSE CVE-2003-0988
Buffer overflow in the VCF file information reader for KDE Personal Information Management kdepim suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file...
SUSE CVE-2004-0903
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing...
SUSE CVE-2005-2549
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers...
SUSE CVE-2006-2781
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters...
SUSE CVE-2006-3474
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to (a) gbrowse.php, (2) cardid parameter to (b) rating.php and (c) create.php, and the (3) eventid parameter to (d) search.php...
SUSE CVE-2006-3804
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow...
openSUSE Security Update : MozillaThunderbird (openSUSE-2021-93)
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 - changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 - fixed: Running a quicksearch that returned no...