
224 matches found

NVD
added 2024/12/17 10:15 a.m. · 9 views

CVE-2024-12127

The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This...

CVSS 6.1 · EPSS 0.0034
Exploits: 0 · References: 3

Positive Technologies
added 2024/11/30 12:0 a.m. · 4 views

PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit

Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...

CVSS 6.5 · AI score 6.7 · EPSS 0.00277
Exploits: 0 · References: 5

OSV
added 2024/10/23 4:15 p.m. · 2 views

CVE-2024-49701

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Mags. This issue affects Mags: from n/a through 1.1.6...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2024/06/13 12:0 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.6 · EPSS 0.00676
Exploits: 0 · References: 2

CNNVD
added 2024/06/13 12:0 a.m. · 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.4 · EPSS 0.0051
Exploits: 0 · References: 2

ATTACKERKB
added 2024/06/08 3:15 a.m. · 3 views

CVE-2024-5663

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · AI score 6.1 · EPSS 0.00329
Exploits: 0 · References: 5

OSV
added 2024/05/23 5:32 p.m. · 4 views

CLSA-2024-1716485568 php: Fix of 2 CVEs

CVE-2022-4900: sapi/cli/php_cli_server.c: Prevent potential buffer overflow for large value of php_cli_server_workers_max - CVE-2023-3247: ext/soap/php_http.c: Fix missing randomness check and insufficient random bytes...

CVSS 6.2 · AI score 6.6 · EPSS 0.0062
Exploits: 0 · References: 1

CNNVD
added 2024/05/01 12:0 a.m. · 4 views

CMSimple Security Vulnerability

CMSimple is a free content management system. A security vulnerability exists in CMSimple version v5.15. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...

CVSS 7.4 · AI score 7 · EPSS 0.00558
Exploits: 1 · References: 2

CVE
added 2024/02/09 12:0 a.m. · 51 views

CVE-2023-31506

CVE-2023-31506: Grav CMS versions 1.7.44 and earlier are vulnerable to an XSS issue where an authenticated remote attacker can inject arbitrary web scripts/HTML via the onmouseover attribute on an ISINDEX element. The public documents consistently describe the vulnerable component (Grav), the ve...

CVSS 5.4 · AI score 5.1 · EPSS 0.00996
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2023/12/13 12:0 a.m. · 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.5 · EPSS 0.00597
Exploits: 0 · References: 3

OSV
added 2023/10/23 2:35 p.m. · 2 views

USN-6199-2 php7.0, php7.2 vulnerability

USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose...

CVSS 4.3 · AI score 6.8 · EPSS 0.0062
Exploits: 0 · References: 2

RedHat Linux
added 2023/10/19 1:33 p.m. · 2 views

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing a remote authenticated attacker to cause a stack information leak...

CVSS 4.3 · AI score 5.8 · EPSS 0.0062
Exploits: 0 · References: 5

Positive Technologies
added 2023/08/06 12:0 a.m. · 2 views

PT-2023-4278 · Cockpit · Cockpit

Name of the Vulnerable Software and Affected Versions: Cockpit versions prior to 2.6.3. Description: The issue is related to incorrect management of file names for PHP include or require functions in the Cockpit server management system. This can allow a remote attacker to execute arbitrary code...

CVSS 9.9 · AI score 9.4 · EPSS 0.00787
Exploits: 1 · References: 11

CNNVD
added 2023/08/02 12:0 a.m. · 1 view

Google Golang Cross-Site Scripting Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...

CVSS 6.1 · AI score 6 · EPSS 0.00843
Exploits: 0 · References: 8

Cvelist
added 2023/07/06 12:0 a.m. · 16 views

CVE-2023-37135

A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.4 · EPSS 0.00297
Exploits: 1 · References: 1

CVE
added 2023/05/03 12:0 a.m. · 44 views

CVE-2023-30205

CVE-2023-30205 affects DouPHP v1.7 with a stored XSS in the admin/article.php endpoint, via the unique_id parameter. The vulnerability could permit arbitrary web script execution or HTML injection, enabling attacker-controlled content to run in the victim’s browser. The connected documents consis...

CVSS 4.8 · AI score 4.9 · EPSS 0.00341
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/02/21 12:0 a.m. · 64 views

CVE-2023-24081

CVE-2023-24081 affects Redrock Software TutorTrac prior to v4.2.170210. The vulnerability is multiple stored XSS in the visits listing page, exploitable by crafting payloads injected into the reason and location fields. Root cause is stored cross-site scripting in these input fields, leading to e...

CVSS 5.4 · AI score 5.4 · EPSS 0.00539
Exploits: 1 · References: 3 · Affected Software: 1

SUSE CVE
added 2023/02/15 6:13 a.m. · 2 views

SUSE CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path...

CVSS 4.6 · AI score 6.7 · EPSS 0.01046
Exploits: 1 · References: 7

SUSE CVE
added 2023/02/15 6:13 a.m. · 1 view

SUSE CVE-2007-0910

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...

CVSS 10 · AI score 7 · EPSS 0.03274
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 6:12 a.m. · 6 views

SUSE CVE-2007-1383

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286...

CVSS 10 · AI score 8.2 · EPSS 0.15195
Exploits: 7 · References: 4