76 matches found
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.davidstutz:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the post.php script. An attacker can execute scripts in the context of the user's brows...
CVE-2025-30843 WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...
CVE-2024-13010
The CVE-2024-13010 entry concerns the WordPress WP Foodbakery plugin (affected: WP Foodbakery
WordPress Plugin Crypto Converter Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
SUSE CVE-2006-2802
Buffer overflow in the HTTP Plugin xinepluginphttp.so for xine-lib 1.1.1 allows remote attackers to cause a denial of service application crash via a long reply from an HTTP server, as demonstrated using gxine 0.5.6...
SUSE CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...
SUSE CVE-2012-3422
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instancetoidmap hash is empty, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted web page, which causes an...
CVE-2022-38075
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS in Mantenimiento web plugin = 0.13 on WordPress...
CVE-2022-38075
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS in Mantenimiento web plugin = 0.13 on WordPress...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS in Mantenimiento web plugin = 0.13 on WordPress...
CVE-2022-38075 WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS in Mantenimiento web plugin = 0.13 on WordPress...
CVE-2022-38075
CVE-2022-38075 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “Mantenimiento web”
PT-2022-24188 · WordPress · Mantenimiento Web Plugin
Name of the Vulnerable Software and Affected Versions: Mantenimiento web plugin versions = 0.13 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that leads to Stored Cross-Site Scripting XSS. This means an attacker can trick a user into performing unintended actions on a...
CVE-2022-41980
Auth. admin+ Cross-Site Scripting XSS vulnerability in Mantenimiento web plugin = 0.13 on WordPress...
Cross site scripting
Auth. admin+ Cross-Site Scripting XSS vulnerability in Mantenimiento web plugin = 0.13 on WordPress...
CVE-2022-41980 WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. admin+ Cross-Site Scripting XSS vulnerability in Mantenimiento web plugin = 0.13 on WordPress...
CVE-2022-41980
The CVE-2022-41980 entry concerns the WordPress Mantenimiento web plugin, versions ≤ 0.13, where authenticated attackers with admin+ privileges can trigger Cross‑Site Scripting (XSS). Multiple sources describe the issue as an XSS vulnerability arising from unsanitized/uncleaned plugin settings, p...
PT-2022-26198 · Unknown · Mantenimiento Web Plugin
Name of the Vulnerable Software and Affected Versions: Mantenimiento web plugin versions = 0.13 Description: The issue is related to an authenticated Cross-Site Scripting XSS vulnerability. This means that an attacker who has admin or higher privileges can inject malicious scripts into the websit...
CVE-2022-38075
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS in Mantenimiento web plugin = 0.13 on WordPress...
WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. Cross-Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in the WordPress Mantenimiento web plugin versions = 0.13. Solution Update the WordPress Mantenimiento web plugin to the latest available version at least 0.14...