17 matches found
CVE-2026-0686
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parseauthorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
EUVD-2013-4415
Malware in sbrugna...
EUVD-2020-7118
Malware in sbrugna...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
Products.CMFPlone XSS in profile home_page property
A member of the Plone site could set javascript in the homepage property of their profile, and have this executed when a visitor clicks the home page link on the author page...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
PYSEC-2018-71
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
Article Directory Script SQL Injection Vulnerability
Article Directory Script is a script for creating article directories in websites. A SQL injection vulnerability exists in Article Directory Script version 3.0. A remote attacker can exploit this vulnerability by sending the 'id' parameter to the author.php or category.php file to inject SQL...
DEBIAN-CVE-2013-4556
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...
UBUNTU-CVE-2013-4556
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...
CVE-2013-4556
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...
CVE-2013-4556
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...
CVE-2013-4556
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...