
23 matches found

Vulnrichment
added 2026/03/05 5:54 a.m. | 2 views

CVE-2026-28137 WordPress MediCenter - Health Medical Clinic WordPress Theme theme <= 14.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS. This issue affects MediCenter - Health Medical Clinic: from n/a through <= 14.9...

7.1 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/03/05 5:54 a.m. | 4 views

CVE-2026-28137

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS. This issue affects MediCenter - Health Medical Clinic: from n/a through <= 14.9...

7.1 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits 0 | References 2
Prion
added 2023/07/25 6:15 p.m. | 9 views

Design/Logic Flaw

Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" visible in the kanban and P...

4.9 CVSS | 5.7 AI score | 0.00723 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2023/05/28 12:0 a.m. | 1 views

WordPress plugin Yoast Local SEO cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS | 6.5 AI score | 0.00198 EPSS
Exploits 0 | References 2
Patchstack
added 2023/05/24 12:0 a.m. | 9 views

WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS)

Software: Yoast SEO: Local | Type: Plugin | Vulnerable versions: <= 14.9 | Fixed in: 15.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-28785 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 24eda6213577 | Credits: Rafie Muhammad Patchstac...

6.5 CVSS | 5.7 AI score | 0.00198 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/05/09 12:0 a.m. | 9 views

WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)

Software: Yoast SEO: Local | Type: Plugin | Vulnerable versions: <= 14.8 | Fixed in: 14.9 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-32300 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 28e5acd1438d | Credits: Rafie Muhammad...

7.1 CVSS | 5.6 AI score | 0.00088 EPSS
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2023/03/06 12:0 a.m. | 17 views

XWiki 12.10 < 13.10.10, 14.x < 14.4.7, 14.5.x < 14.9 XSS Vulnerability (GHSA-32fq-m2q5-h83g)

Xwiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

8.9 CVSS | 5.2 AI score | 0.08554 EPSS
Exploits 1 | References 2
OpenVAS
added 2023/03/06 12:0 a.m. | 16 views

XWiki 14.3-rc-1 < 14.4.6, 14.5.x < 14.9 Exposed Dangerous Class Vulnerability (GHSA-8692-g6g9-gm5p)

Xwiki is prone to an exposed dangerous class vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

8.1 CVSS | 7.3 AI score | 0.04616 EPSS
Exploits 1 | References 2
OpenVAS
added 2023/03/06 12:0 a.m. | 20 views

XWiki 6.2.4 < 13.10.10, 14.x < 14.4.6, 14.5.x < 14.9 Eval Injection Vulnerability (GHSA-x2qm-r4wx-8gpg)

Xwiki is prone to an eval injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; if description...

10 CVSS | 7.3 AI score | 0.40079 EPSS
Exploits 1 | References 3
OSV
added 2023/03/02 5:20 p.m. | 15 views

CVE-2023-26479 org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions

XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages become unusable, including the user index if the page containing the faulty content is a user page and t...

6.5 CVSS | 6.5 AI score | 0.00276 EPSS
Exploits 1 | References 5
Cvelist
added 2023/03/02 5:9 p.m. | 16 views

CVE-2023-26480 XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data

XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...

8.9 CVSS | 8.5 AI score | 0.08554 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2022/05/18 12:0 a.m. | 12 views

GitLab 13.2 < 14.8.6 / 14.9.x < 14.9.4 / 14.10.x < 14.10.1 Information Disclosure

According to its self-reported version, the instance of GitLab running on the remote web server is 13.2 prior to 14.8.6, 14.9.x prior to 14.9.4, or 14.10.x prior to 14.10.1. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability exists in confidential...

5.6 AI score
Exploits 0 | References 1
Prion
added 2022/05/11 3:15 p.m. | 19 views

Cross site scripting

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...

4.3 CVSS | 6 AI score | 0.10323 EPSS
Exploits 3 | References 3 | Affected Software 1
Tenable Nessus
added 2022/04/18 12:0 a.m. | 42 views

GitLab < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.9.2 Multiple Vulnerabilities

According to its self-reported version, the instance of GitLab running on the remote web server is prior to 14.7.7, 14.8.x prior to 14.8.5, or 14.9.x prior to 14.9.2. It is, therefore, affected by the following vulnerabilities: - Adding a very large number of tags to a runner in GitLab CE/EE allow...

6.5 CVSS | 5.4 AI score | 0.00241 EPSS
Exploits 0 | References 6
OpenVAS
added 2022/04/05 12:0 a.m. | 11 views

GitLab 12.1.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 SSRF Vulnerability

GitLab is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3 CVSS | 5.6 AI score | 0.00325 EPSS
Exploits 0 | References 1
OpenVAS
added 2022/04/05 12:0 a.m. | 15 views

GitLab 13.11.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 Access Control Vulnerability

GitLab is prone to an access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if descriptio...

4.3 CVSS | 4.8 AI score | 0.002 EPSS
Exploits 0 | References 1
OpenVAS
added 2022/04/05 12:0 a.m. | 20 views

GitLab 14.4.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 XSS Vulnerability

GitLab is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

8.7 CVSS | 7.2 AI score | 0.10323 EPSS
Exploits 3 | References 1
OpenVAS
added 2022/04/05 12:0 a.m. | 20 views

GitLab 14.7.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 Hardcoded Password Vulnerability

GitLab is prone to a hardcoded password vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

9.8 CVSS | 9.6 AI score | 0.87606 EPSS
Exploits 3 | References 1
OpenVAS
added 2022/04/05 12:0 a.m. | 18 views

GitLab 12.2.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 Information Disclosure Vulnerability

GitLab is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

4.3 CVSS | 4.7 AI score | 0.00219 EPSS
Exploits 0 | References 1
OpenVAS
added 2022/04/05 12:0 a.m. | 15 views

GitLab 11.5.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 Access Token Reuse Vulnerability

GitLab is prone to an access token reuse vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

6.5 CVSS | 6.5 AI score | 0.00202 EPSS
Exploits 0 | References 1