5 matches found
[SECURITY] [DLA 4428-1] mediawiki security update
Debian LTS Advisory DLA-4428-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 30, 2025 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.35.13-1+deb11u6 CVE ID : CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480 CVE-2025-67481...
CVE-2023-28820
Concrete CMS previously concrete5 before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...
SUSE-SU-2023:1904-1 Security update for grafana
This version update from 8.5.20 to 8.5.22 for grafana fixes the following issues: - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645 CVE-2023-0507: Apply attribute sanitation to GeomapPanel bsc1208821 CVE-2023-0594: Avoid storing XSS in TraceView panel...
ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...
Cross site scripting
The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting XSS issue as user input was not properly sanitised before being output in an attribute...