2347 matches found
CVE-2025-41051
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
CVE-2025-41051
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/bootstrap process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...
CVE-2025-41051 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute
...
PT-2025-35922
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/bootstrap endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
...
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.
...
WordPress Plugin All Bootstrap Blocks Access Control Break Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin All Bootstrap Blocks, which...
CVE-2025-54733
Missing Authorization vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All Bootstrap Blocks: from n/a through = 1.3.28...
Linux Distros Unpatched Vulnerability : CVE-2022-1726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to...
GHSA-8PXW-9C75-6W56 NeuVector admin account has insecure default password
Impact A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the defau...
NeuVector admin account has insecure default password
Impact A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the defau...
CVE-2025-54733
Missing Authorization vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All Bootstrap Blocks: from n/a through = 1.3.28...
CVE-2025-54733 WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability
Missing Authorization vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All Bootstrap Blocks: from n/a through = 1.3.28...
CVE-2025-54733
The CVE-2025-54733 entry concerns the WordPress plugin All Bootstrap Blocks (Miles All Bootstrap Blocks). Public sources in the connected documents confirm a Missing Authorization/Broken Access Control vulnerability affecting All Bootstrap Blocks versions up to and including 1.3.28. The root issu...
CVE-2025-54733 WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability
Missing Authorization vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All Bootstrap Blocks: from n/a through = 1.3.28...
WordPress plugin All Bootstrap Blocks 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin All Bootstrap Blocks, which...
PT-2025-35075
Name of the Vulnerable Software and Affected Versions: Miles All Bootstrap Blocks versions through 1.3.28 Description: A missing authorization issue exists in Miles All Bootstrap Blocks, allowing exploitation of incorrectly configured access control security levels. Recommendations: At the moment...