8541 matches found
CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
PT-2024-25903 · Vditor · Vditor
Name of the Vulnerable Software and Affected Versions: Vditor version 3.10.3 Description: The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true. Recommendations: For Vditor version 3.10.3, to mitigate the issue, set...
CVE-2024-34449
CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (Network attack, low complexity, no privilege, user interaction required, scope cha...
WordPress plugin Gutenverse 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Carousel Slider 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-3725
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-2750
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-2085
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-1842
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...
CVE-2024-1805
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...
CVE-2024-3161 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...
PT-2024-15183 · WordPress · Collapse-O-Matic
Name of the Vulnerable Software and Affected Versions: Collapse-O-Matic plugin for WordPress versions up to, and including, 1.8.5.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'expand' shortcode due to insufficient input sanitization and output escaping on th...
PT-2024-21922 · WordPress · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9.3 Description: The issue arises from insufficient input sanitization and output escaping in the URL attribute of the Button widget, allowing authenticate...
WordPress plugin ShopLentor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Photo Gallery 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-26933
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
GHSA-9P57-H987-4VGX Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browser are...
CVE-2022-38386
CVE-2022-38386 affects IBM Cloud Pak for Security (CP4S) 1.10.0.0–1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0–1.10.19.0. The root cause is that SameSite is not set for sensitive cookies, enabling potential information disclosure via MITM. IBM and Red Hat advisories confirm this vulnerab...
CVE-2022-38386 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...
CVE-2022-38386 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...