25 matches found
CVE-2024-26050
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to th...
CVE-2024-0657
The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'iljsettingsfieldlinksperpage' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes i...
CVE-2023-5691
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...
CVE-2023-0585
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above...
TouchCloud OS has an override vulnerability
TouchCloud OS is a smart router solution. TouchCloudOS suffers from an over-the-horizon operation vulnerability that can be exploited by an attacker who is not authenticated as an administrator to take control of the router...