29 matches found
BIT-PRESTASHOP-2026-33674 PrestaShop: Improper Use of Validation Framework
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...
CVE-2026-33673
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
CVE-2026-33674
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...
CVE-2026-33674 PrestaShop: Improper Use of Validation Framework
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...
CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
GHSA-35PF-37C6-JXJV PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
Impact Multiple stored Cross-Site Scripting stored XSS vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Patches Patched on 8.2.5 and 9.1....
CVE-2025-67471
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through = 8.2.5...
WordPress WoodMart plugin <= 8.2.5 - Unauthenticated Post Disclosure vulnerability
Unauthenticated Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme WoodMart versions = 8.2.5...
WordPress plugin WP Customer Area 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Pydio Core <= 8.2.5 XSS Vulnerability
Pydio Core is prone to a cross-site scripting XSS vulnerability via the New URL Bookmark feature. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Pydio Core 安全漏洞
Pydio Core is a document sharing and collaboration platform core program from Pydio, Inc. A security vulnerability exists in Pydio Core 8.2.5 and earlier versions, which stems from a cross-site scripting vulnerability in the New URL Bookmark feature...
SUSE-SU-2025:20011-1 Security update for qemu
This update for qemu fixes the following issues: - Update to version 8.2.5: target/loongarch: fix a wrong print in cpu dump ui/sdl2: Allow host to power down screen target/i386: fix SSE and SSE2 feature check target/i386: fix xsave.flat from kvm-unit-tests disas/riscv: Decode all of the pmpcfg an...
WordPress WP VR Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP VR Type Plugin Vulnerable versions = 8.2.5 Fixed in 8.2.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID 93df9c4109e0 Credits István Márton Required privile...
WordPress theme Soledad premium 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2022-26073 · WordPress · Soledad
Name of the Vulnerable Software and Affected Versions: Soledad premium theme version 8.2.5 and earlier Description: A Cross-Site Scripting XSS issue affects the Soledad premium theme on WordPress, specifically for users with subscriber or higher authentication. This issue allows for malicious...
WordPress theme soledad 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress theme is a theme for WordPress. cross-site scripting vulnerability exists in versions prior to WordPress soledad 8.2.5, which stems from its failure to clear a certain parameter, an...
Tenable Nessus Agent < 8.2.5 Multiple Vulnerabilities (TNS-2021-12)
Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...
CVE-2016-2075
Cross-site scripting XSS vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
PHP Address Book - addressbookregisterchecklogin.php?Username SQL Injection
PHP Address Book - addressbookregisterchecklogin.php?Username SQL Injection source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an...