2 matches found
PT-2023-11851 · WordPress · Kingcomposer
Name of the Vulnerable Software and Affected Versions: The Page Builder: KingComposer plugin for WordPress versions prior to 2.9.4 Description: The issue is related to Stored Cross-Site Scripting via shortcode due to insufficient input sanitization and output escaping. This allows authenticated...
libxml2: Heap-based buffer underreads due to xmlParseName
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service heap-based buffer underread and application crash via a crafted file, involving xmlParseName...