2 matches found
CVE-2026-21451
Bagisto’s CMS page editor contains a stored XSS vulnerability in versions prior to 2.3.10. The issue arises because server-side sanitization is insufficient and the UI-level filter can be bypassed by tampering the raw HTTP POST payload, allowing arbitrary JavaScript to be stored and executed when...
VulnCheck KEV: CVE-2024-27971
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10...