Lucene search
8501 matches found

RedhatCVE
added 2025/05/23 3:38 a.m. | 9 views

CVE-2023-28820

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...

CVSS 5.4 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:20 a.m. | 5 views

CVE-2023-23951

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application...

CVSS 6.1 | AI score 6.8 | EPSS 0.00514
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:17 a.m. | 3 views

CVE-2023-2337

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00458
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/23 2:54 a.m. | 2 views

CVE-2023-0220

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks...

CVSS 8.8 | AI score 7.6 | EPSS 0.00937
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/23 2:53 a.m. | 4 views

CVE-2023-0055

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...

CVSS 5.3 | AI score 4.2 | EPSS 0.00436
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 2:52 a.m. | 7 views

CVE-2023-0431

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.2 | EPSS 0.0037
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 2:50 a.m. | 4 views

CVE-2023-0033

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 4.5 | EPSS 0.00471
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/23 2:49 a.m. | 3 views

CVE-2023-22578

Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections...

CVSS 10 | AI score 7.4 | EPSS 0.00831
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:40 a.m. | 7 views

CVE-2023-5049

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

CVSS 6.4 | AI score 6.1 | EPSS 0.00482
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:39 a.m. | 5 views

CVE-2023-5051

The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrailform' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'formid' user supplied attribute. This makes it possible fo...

CVSS 6.4 | AI score 6.1 | EPSS 0.0044
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:37 a.m. | 6 views

CVE-2023-5048

The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ContactFormBuilder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for...

CVSS 6.4 | AI score 6.1 | EPSS 0.00407
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:2 a.m. | 6 views

CVE-2023-33045

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute...

CVSS 9.8 | AI score 7.2 | EPSS 0.00472
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 1:52 a.m. | 9 views

CVE-2023-5866

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...

CVSS 6.3 | AI score 6.7 | EPSS 0.00287
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 12:57 a.m. | 5 views

CVE-2022-43906

IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897...

CVSS 5.3 | AI score 6 | EPSS 0.00407
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 12:56 a.m. | 7 views

CVE-2022-34313

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

CVSS 4.3 | AI score 6 | EPSS 0.006
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 12:32 a.m. | 8 views

CVE-2022-4789

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 6 | EPSS 0.00471
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 12:24 a.m. | 5 views

CVE-2022-4683

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0...

CVSS 6.5 | AI score 6.8 | EPSS 0.00376
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 12:22 a.m. | 7 views

CVE-2022-4655

The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack...

CVSS 5.4 | AI score 6 | EPSS 0.00471
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/23 12:18 a.m. | 13 views

CVE-2022-45541

EyouCMS = 1.6.0 was discovered to contain a reflected XSS in the article attribute editor component, in the POST value "value", if the value contains a non-integer character...

CVSS 6.1 | AI score 6.9 | EPSS 0.00418
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 12:3 a.m. | 9 views

CVE-2022-4409

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9...

CVSS 7.5 | AI score 6.8 | EPSS 0.00422
Exploits: 1 | References: 1