12 matches found
CVE-2025-62037
CVE-2025-62037 concerns the Togo WordPress theme (versions before 1.0.4) with a Missing Authorization/Broken Access Control vulnerability. The issue stems from lack of proper authorization checks, potentially allowing unauthorized access to restricted resources. Public documents from Red Hat, ENI...
CVE-2025-62036
CVE-2025-62036 is a Cross-Site Scripting (XSS) vulnerability affecting the WordPress theme Togo (uxper) versions prior to 1.0.4. The issue arises from improper input neutralization during web page generation. Affected product: Togo theme (
CVE-2025-62033 WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...
WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ? in WordPress Theme Togo versions 1.0.4...
WordPress Togo theme < 1.0.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ? in WordPress Theme Togo versions 1.0.4...
WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ? in WordPress Theme Togo versions 1.0.4...
Linux Distros Unpatched Vulnerability : CVE-2018-3741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in...
Drupal CKEditor5 Youtube module < 1.0.4 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by nico.b in WordPress Module CKEditor5 Youtube versions 1.0.4...
Drupal Ignition by Thrive Themes module < 1.0.4 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Dieter Holvoet in WordPress Module Ignition Error Pages versions 1.0.4...
rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...
UBUNTU-CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...
DEBIAN-CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...