1057 matches found
WordPress WP Sitemap Page Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP Sitemap Page plugin, which can be exploited by...
CVE-2019-6034
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allow arbitrary scripts to be executed in the context of the application due to unspecified vectors...
Input validation
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allow arbitrary scripts to be executed in the context of the application due to unspecified vectors...
CVE-2019-6034
The CVE-2019-6034 issue exists in a-blog cms prior to versions 2.10.23 (2.10.x), 2.9.26 (2.9.x), and 2.8.64 (2.8.x). It enables arbitrary scripts to be executed in the context of the application due to a script injection flaw (unspecified vectors). Impact is that an arbitrary script may run in th...
Stored XSS vulnerability in Seven Bears repository system (CNVD-2019-46637)
Seven Bears library system is an online document preview and selling system similar to Baidu Library. A stored XSS vulnerability exists in the Seven Bears library system, which can be exploited by an attacker to inject arbitrary Web script or HTML...
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
GHSA-VRCF-G539-X6H3 Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
CVE-2019-19085
A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2019-17206
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
Deserialization of untrusted data
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
PYSEC-2019-46
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
PYSEC-2019-116
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
CVE-2019-17206
The CVE-2019-17206 entry describes an uncontrolled deserialization of a pickled object in the Frost Ming rediswrapper (Redis Wrapper) code path, specifically in models.py, that existed prior to version 0.3.0. This vulnerability allows an attacker to execute arbitrary scripts due to unsafe pickle ...
Tyto Software Sahi Pro Remote Code Execution Vulnerability
Tyto Software Sahi Pro is a suite of automated testing tools from Tyto Software India. Tyto Software Sahi Pro suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary scripts on a remote Sahi Pro server...
XSS Vulnerability in UQCMS Single Merchant System
UQCMS Single Merchant System is an external display and shopping system suitable for running your own products. UQCMS Single Merchant System suffers from an XSS vulnerability, which can be exploited by attackers to inject arbitrary Web script or HTML...
WordPress Yoast SEO Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Yoast SEO Plugin versions prior to 11.6-RC5, which ca...
CVE-2019-5970
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross-site Scripting (XSS)
Red Hat JBoss Enterprise Application Platform is vulnerable to cross-site scripting (XSS) attacks in the JBoss Management Console, which allow users with roles that can create objects to inject arbitrary scripts to perform an attack...
XSS Vulnerability in JEESNS Article Comments
JEESNS is an open source social management system developed on Java's enterprise-class platform. An XSS vulnerability exists in JEESNS article comments, which an attacker can use to inject arbitrary Web script or HTML...
CVE-2018-18285
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...