9 matches found
WordPress plugin Gravity Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...
PT-2025-2141 · WordPress · Gravity Forms
Name of the Vulnerable Software and Affected Versions: Gravity Forms plugin for WordPress versions up to, and including, 2.9.1.3 Description: The issue is related to Stored Cross-Site Scripting via the alt parameter due to insufficient input sanitization and output escaping. This allows...
WordPress GravityForms plugin <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'alt' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions <= 2.9.1.3...
CVE-2024-2165
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access...
DEBIAN-CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the alt parameter when uploading a vCard...
UBUNTU-CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the alt parameter when uploading a vCard...
Roundcube Absolute Path Traversal Vulnerability
RoundCube Webmail is a browser-based IMAP client that supports address book management, message searching, spell checking and more. An absolute path traversal vulnerability exists in the program/steps/addressbook/photo.inc file in RoundCube Webmail, which allows remote attackers to read arbitrary...
Path traversal
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the alt parameter, related to contact photo handling...
CVE-2012-4485
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view function in galleryformatter.tpl.php in the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or...