518 matches found
SUSE CVE-2016-5701
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI...
SUSE CVE-2016-9862
An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions prior to 4.6.5 are affected...
CVE-2022-46162
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
Design/Logic Flaw
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-46162
CVE-2022-46162 concerns the discourse-bbcode plugin for Discourse. Prior to commit 91478f5, rendering content generated with the plugin could trigger CSS injection, affecting sites with the plugin installed and enabled. The issue is patched in commit 91478f5. A practical workaround is to enable a...
PT-2022-27779 · Discourse · Discourse-Bbcode
Name of the Vulnerable Software and Affected Versions: discourse-bbcode versions prior to commit 91478f5. Description: The issue affects sites with the discourse-bbcode plugin installed and enabled, allowing CSS injection when rendering content generated with the plugin. As a workaround, enabling...
PT-2022-6909 · 1с · 1С-Битрикс
Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом (affected versions not specified). Description: The issue is related to the lack of protection for the web page structure in the 1С-Битрикс: Управление сайтом content management system. This allows a remote attacker...
phpBB arbitrary CSS injection
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...
GHSA-8HC2-HVRC-X4QR phpBB arbitrary CSS injection
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...
phpBB Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
phpMyAdmin vulnerable to Cross-site Scripting
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI...
GHSA-RH74-5835-JPXP phpMyAdmin vulnerable to Cross-site Scripting
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI...
Mageia: Security Advisory (MGASA-2016-0240)
The remote host is missing an update for the...
Cross-site Scripting (XSS) - Stored in livehelperchat/fbmessenger
Description: The application does not escape special characters. The $item-bbcode or $item-name variables can lead to stored XSS. Proof of Concept: Go to Facebook BBCode List https://demo.livehelperchat.com/siteadmin/fbmessenger/newbbcode and add an item with XSS payload into name or bbcode fields,...
CVE-2021-29399
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16...
CVE-2021-29399
XMB is affected by a cross-site scripting (XSS) vulnerability caused by inadequate filtering of BBCode input. All versions prior to the fixed releases are impacted; remediation requires upgrading to XMB 1.9.12.03 or 1.9.11.16. The vulnerability affects the rendering of user-supplied BBCode, poten...