10 matches found

OSV
added 2025/01/22 7:15 a.m. · 0 views

CVE-2024-12117

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4 CVSS · 7.4 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2024/06/15 12:0 a.m. · 2 views

PT-2024-27891 · WordPress · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer plugin for WordPress versions up to, and including, 4.8
Description: The issue allows authenticated attackers with contributor-level and above permissions to include and execute arbitrary files on the server via the 'td block...

8.8 CVSS · 8 AI score · 0.00667 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/04/09 12:0 a.m. · 2 views

WordPress Plugin Stackable Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.4 CVSS · 7.7 AI score · 0.00148 EPSS
Exploits: 0 · References: 3
Drupal
added 2022/07/27 12:0 a.m. · 3 views

Context - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-049

This module enables you to conditionally display blocks in particular theme regions. The module doesn't sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction. This vulnerability is mitigated by the fact that an attacker mu...

5.5 AI score
Exploits: 0 · References: 8
0day.today
added 2015/03/20 12:0 a.m. · 51 views

Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting
Vendor: Moodle Pty Ltd
Product web page: https://www.moodle.org
Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9
Summary: Moodle is a learning platform designed to provide...

3.5 CVSS · 0.00534 EPSS
Exploits: 5
Prion
added 2014/10/17 2:55 p.m. · 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the easysocialadminsummary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title...

3.5 CVSS · 5.7 AI score · 0.00253 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
Cvelist
added 2014/10/17 2:0 p.m. · 13 views

CVE-2014-8319

Cross-site scripting (XSS) vulnerability in the easysocialadminsummary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title...

5.3 AI score · 0.00253 EPSS
Exploits: 0 · References: 6
Prion
added 2012/08/14 11:55 p.m. · 8 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...

2.1 CVSS · 5.7 AI score · 0.00446 EPSS
Exploits: 1 · References: 11 · Affected Software: 1
Prion
added 2010/03/25 5:30 p.m. · 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...

3.5 CVSS · 5.7 AI score · 0.00262 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
Cvelist
added 2010/03/25 5:0 p.m. · 8 views

CVE-2010-1107

Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...

5.3 AI score · 0.00262 EPSS
Exploits: 0 · References: 6