8 matches found
CVE-2026-25309
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Authors: from n/a through = 4.10.1...
WordPress plugin PublishPress Authors security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-25490
CVE-2026-25490 describes a stored XSS in Craft Commerce (Craft CMS) affecting versions 4.0.0-RC1–4.10.0 and 5.0.0–5.5.1. The vulnerability stems from improper sanitization of the Address Line 1 field in Inventory Locations, allowing malicious JavaScript to run in an administrator’s browser when t...
CVE-2026-25485 Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...
GHSA-774Q-R975-VQWP Mayan EDMS is vulnerable to XSS through the /authentication/ file
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross-site scripting. The attack may be performed remotely. The exploit is now public and may be used. Upgrading to version 4.10.2 is...
PT-2025-38927
Name of the Vulnerable Software and Affected Versions: artbees JupiterX Core versions through 4.10.1. Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious code can be...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2019-12692)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.6.0 through 4.10.1, which originates from...
Cybozu Garoon Privilege Access Control Issue Vulnerability (CNVD-2019-12697)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A vulnerability exists in Cybozu Garoon versions 4.0.0 to 4.10.1 due to privilege permission and access control...