34 matches found
CVE-2022-35587
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" parameter...
CVE-2022-35590
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" parameter...
EUVD-2024-45918
Malicious code in bioql PyPI...
EUVD-2022-6602
Malicious code in bioql PyPI...
EUVD-2023-51112
Malicious code in bioql PyPI...
EUVD-2022-6600
Malicious code in bioql PyPI...
EUVD-2022-6523
Malicious code in bioql PyPI...
CVE-2023-46953
SQL injection vulnerability in ABO.CMS v.5.9.3 allows remote attackers to execute arbitrary code via the d parameter in the Documents module...
CVE-2022-35589
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" parameter...
PT-2025-2035 · Sonaar · Mp3 Audio Player – Music Player
Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.9.3. Description: The issue is related to Stored Cross-Site Scripting via Podcast RSS Feed due to insufficient input...
WordPress plugin Premium Packages cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Premium Packages Plugin <= 5.9.3 is vulnerable to Cross Site Scripting (XSS)
Software: Premium Packages; Type: Plugin; Vulnerable versions: = 5.9.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10164; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: e294ff14d79a; Credits: Peter Thaleikis; Required...
WordPress plugin Premium Packages SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress Premium Packages Plugin <= 5.9.5 is vulnerable to SQL Injection
Software: Premium Packages; Type: Plugin; Vulnerable versions: = 5.9.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-52435; Patch priority: Low; CVSS severity: Low (7.6); Developer: Claim ownership; PSID: d5408dddb735; Credits: Jorge Diaz ddiax; Required privilege: Administrator...
WordPress plugin ProfileGrid security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-6127
CVE-2024-6127 affects BC Security Empire before 5.9.3. It is a path-traversal vulnerability that can enable remote code execution. An unauthenticated attacker can trigger the issue over HTTP by acting as a normal agent, completing cryptographic handshakes, and uploading payload data containing a ...
Time4J Base security vulnerability
Time4J is an advanced date, time and interval library for Java by the individual developer Meno Hochschild. A security vulnerability exists in Time4J Base version v5.9.3 that stems from the presence of a null pointer exception...
PT-2024-13395 · Abo.Cms · Abo.Cms
Name of the Vulnerable Software and Affected Versions: ABO.CMS version 5.9.3. Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via a crafted payload to the Referer header. This enables the attacker to perform unauthorized actions on the affected system...
GHSA-Q4QV-3X58-RXMH ForkCMS XSS via `publish_on_time` parameter
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_time` parameter. This issue was patched in version 5.11.0...
ForkCMS XSS via `publish_on_date` parameter
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_date` parameter. This issue was patched in version 5.11.0...