12 matches found
Cross-site Scripting (XSS)
starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...
WordPress muse.ai video embedding cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation; a WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress muse.ai video embedding plugin, which stems from insufficient input sanitization and output escaping, and can be exploited by a...
CVE-2025-6262 muse.ai video embedding <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via muse-ai Shortcode
The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-6262 muse.ai video embedding <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via muse-ai Shortcode
The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2023-23074
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component...
A Study on Audio Synchronous Steganography Detection and Distributed Guide Inference Model Based on Sliding Spectral Features and Intelligent Inference Drive
With the rise of short video platforms in global communication, embedding steganographic data in audio synchronization streams has emerged as a new covert communication method. To address the limitations of traditional techniques in detecting synchronized steganography, this paper proposes a...
GHSA-PGVH-P3G4-86JW AVideo contains Command injection when embedding a video link
Impact: An attacker could execute remote code on a system running wwbn/avideo. Steps to reproduce: 1. Go to the My Videos tab (https://demo.avideo.com/mvideos). 2. Click "Embed a video link". Append a command to the URL as a query string, e.g. ?whoami, then click Save. This issue has been resolved in comm...
ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is an ITIL-based IT service management software suite from the US company ZOHO (ZhuoHao). The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management and oth...
CVE-2023-23074
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component...
Yellowfin Cross-Site Scripting Vulnerability
Yellowfin is a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. A stored cross-site scripting vulnerability exists in the video embedding feature in Yellowfin versions prior to 9.6.1. An attacker can exploit this vulnerability by sending a...
Yellowfin Business Intelligence Yellowfin Cross-Site Scripting Vulnerability
Yellowfin is a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. A stored cross-site scripting vulnerability exists in the video embedding feature in Yellowfin versions prior to 9.6.1. An attacker can exploit this vulnerability by sending a...
Arbitrary file deletion vulnerability in the gold micro (Jinwei) cell phone mall system of Hubei Tao code thousand dimensional information technology limited company
The Jinwei mobile mall system is aimed at micro-business customers with a public (official) account. It imitates the page layout of Mobile Taobao ("hand Tao") and supports embedded video playback. It supports customized model specifications, the main specifications support attached pictures, each subdivided model supports inventory...