243 matches found
CVE-2024-37546
CVE-2024-37546 concerns the WordPress plugin “Image Hover Effects – Caption Hover with Carousel” (versions
WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Image Hover Effects - Caption Hover with Carousel (versions <= 3.0.2)...
PT-2024-27643 · Unknown · Image Hover Effects - Caption Hover With Carousel
Name of the Vulnerable Software and Affected Versions: Image Hover Effects - Caption Hover with Carousel versions 3.0.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS...
CVE-2024-39326 SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill
SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint /admin/projects/projectname/skills/skillname/video and probably others is open to a cross-site request forgery (CSRF) vulnerability. Due to the endpoint being CSRFable e.g. POST request, supports a content typ...
WordPress plugin Photo Gallery, Images, Slider in Rbs Image Gallery Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
WordPress plugin Enhanced Media Library Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-24364 · Kohya Ss · Kohya Ss
Name of the Vulnerable Software and Affected Versions: Kohya ss versions prior to 23.1.5. Description: Kohya ss, a GUI for Kohya's Stable Diffusion trainers, is affected by a command injection issue in the git caption gui.py file. Recommendations: For versions prior to 23.1.5, update to version...
The vulnerability of the Jenkins automation server arises from improper handling of input during the creation of web pages. This allows attackers to carry out attacks using XSS techniques, with the ability to manipulate files in the working areas.
The vulnerability of the Jenkins automation server relates to the absence of a protection mechanism for the value of the “caption” parameter in the ExpandableDetailsNote configuration. Exploiting this vulnerability allows an attacker to carry out attacks using XSS techniques, with the ability to...
BIT-MEDIAWIKI-2021-46146
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file...
Image Hover Effects <= 5.5 - Cross-Site Request Forgery
Description: The Image Hover Effects plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5. This is due to missing or incorrect nonce validation on the savecaptionoptions function. This makes it possible for unauthenticated attackers to modify the...
WordPress Plugin Featured Image Caption Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Featured Image Caption Plugin <= 0.8.10 is vulnerable to Cross Site Scripting (XSS)
Software: Featured Image Caption; Type: Plugin; Vulnerable versions: <= 0.8.10; Fixed in: 0.8.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5669; Patch priority: Low; CVSS severity: Low (6.5); PSID: 0231a5ef9472; Credits: Lana Codes...
1E Platform Security Vulnerability
1E Platform is an endpoint management and automation solution from 1E. A security vulnerability exists in prior versions of 1E Platform-Exchange Product Pack-End-User Interaction 23 that stems from not properly validating the Caption or Message parameters, allowing an attacker to execute...
GHSA-5J46-5HWQ-GWH7 Jenkins Cross-site Scripting vulnerability
ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote. This results in a stored...
PT-2023-8996 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS versions 2.414.1 and earlier. Description: The issue is related to the lack of escaping of the caption constructor parameter value of ExpandableDetailsNote, resulting in a stored cross-site scripting (XSS)...
Jenkins Cross-Site Scripting Vulnerability
Jenkins is an open source automation server. Jenkins provides hundreds of plug-ins to support building, deploying and automating any project. A security vulnerability exists in Jenkins that stems from the fact that the value of the "caption" constructor paramete...
WordPress Plugin Bulk edit image alt tag, caption & description Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Bulk edit image alt tag,...
XSS Stored in Caption Image
Description: Hello team, I found a stored XSS in the caption field as demonstrated in the gif below. Proof of Concept...
SUSE CVE-2010-1400
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements...
SUSE CVE-2016-10146
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors...