9 matches found
WordPress Giveaways and Contests by RafflePress Plugin < 1.12.16 is vulnerable to Cross Site Scripting (XSS)
Software: Giveaways and Contests by RafflePress; Type: Plugin; Vulnerable versions: 1.12.16; Fixed in: 1.12.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6887; Patch priority: Low; CVSS severity: Low 6.5; PSID: c69947535c2d; Credits...
WordPress plugin Giveaways and Contests by RafflePress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-37928 · WordPress · Giveaways/Contests By Rafflepress
Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress WordPress plugin versions prior to 1.12.16. Description: The issue concerns the Giveaways and Contests by RafflePress WordPress plugin, which does not properly sanitise and escape some of its Giveaways...
CVE-2024-34349 Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute JavaScript code in the Admin panel. In order to perform an XSS attack, input a script into the Name field in one of the resources: Taxons, Products, Product Options or Product Variants. The co...
PT-2024-22871
Name of the Vulnerable Software and Affected Versions: Sylius versions 1.12.13 through 1.12.15; Sylius versions prior to 1.13.1. Description: The issue is related to Cross Site Scripting (XSS) via the "Province" field in Address Book. There is a possibility to save XSS code in the province field in t...
BIT-GOLANG-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...
SUSE CVE-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...
PT-2020-5868 · Go +1 · Crypto/X509 +5
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.12.16; Go versions 1.13.x prior to 1.13.7; crypto/cryptobyte package versions prior to 0.0.0-20200124225646-8b5121be2f68. Description: The issue is related to errors in the certificate authentication procedure in the...
dbus authentication bypass vulnerability
D-Bus is an inter-process communication mechanism provided by the freedesktop.org project and distributed under the GPL license. An authentication bypass vulnerability exists in dbus versions prior to 1.10.28, 1.12.x prior to 1.12.16, and 1.13.x prior to 1.13.12 in Ubuntu. The vulnerability stems...