7 matches found
CVE-2024-51915
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through = 6.5.2...
CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
CVE-2021-31852
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which coul...
WordPress LiteSpeed Cache plugin <= 6.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions = 6.5.2...
WordPress Intro Tour Tutorial DeepPresentation plugin <= 6.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin Intro Tour Tutorial DeepPresentation versions = 6.5.2...
WordPress 跨站脚本漏洞
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Core 6.5.2 and earlier versions, which stems from insufficient...
Atlassian Confluence Cross-Site Scripting Vulnerability (CNVD-2018-00231)
Atlassian Confluence is a teamwork software written in Java and used primarily in enterprise environments. A cross-site scripting vulnerability exists in the RSS Feed macro in Atlassian Confluence before 6.5.2. A remote attacker can exploit this vulnerability to inject arbitrary HTML or JavaScrip...