243 matches found
Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Caption
The plugin does not sanitise and escape the caption parameter added to images via the media uploader, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...
Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Caption On Hover
The plugin does not sanitise and escape the Caption On Hover field of images, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...
DRUPAL-CONTRIB-2022-036
Image Field Caption (imagefieldcaption) adds an extra text area for captions on image fields. The module doesn't sanitize user input in certain cases, which leads to a Cross-Site-Scripting (XSS) vulnerability. The vulnerability is mitigated by several permissions, of which at least some are commonly...
Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036
Image Field Caption (imagefieldcaption) adds an extra text area for captions on image fields. The module doesn't sanitize user input in certain cases, which leads to a Cross-Site-Scripting (XSS) vulnerability. The vulnerability is mitigated by several permissions, of which at least some are commonly...
CVE-2022-27854
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher role via &wpttestpagesubmitbuttoncaption parameter...
CVE-2022-27854
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher role via testpagesubmitbuttoncaption parameter...
PT-2022-18643 · Unknown · Alexander Ustimenko's Psychological Tests & Quizzes Plugin
Name of the Vulnerable Software and Affected Versions: Alexander Ustimenko's Psychological tests & quizzes plugin versions = 0.21.19. Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with a contributor or higher role. The vulnerability can be exploited vi...
CVE-2021-46146
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file...
Cross site scripting
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file...
PT-2022-12580 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.5; MediaWiki versions 1.36.x prior to 1.36.3; MediaWiki versions 1.37.x prior to 1.37.1. Description: An issue was discovered in the WikibaseMediaInfo component, which is vulnerable to XSS via the caption fields...
Improper Access Control in chocobozzz/peertube
Description: Unauthenticated users can obtain the caption of private videos. Proof of Concept: 1: First, create a private video and upload a caption. 2: As an unauthenticated user, log out and visit the /api/v1/videos/1/captions. 3: The response should return a lazy-static URL...
CVE-2021-39838
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current use...
An infinite-loop vulnerability in the ReadCAPTIONImage function in the coders/caption.c component of the console image editing tool ImageMagick allows an attacker to cause a denial of service.
The vulnerability in the ReadCAPTIONImage function in the coders/caption.c component of the ImageMagick console graphics editor is an infinite loop. Exploiting this vulnerability allows a remote attacker to cause a denial of service using a specially creat...
WordPress Elementor Website Builder Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS)
Vishnupriya Ilango, from Fortinet's FortiGuard Lab, discovered a stored Cross-Site Scripting (XSS) vulnerability in the MetaSlider plugin v3.17.1, which exists in the Image caption or description parameter in the slide creation module...
DRUPAL-CORE-2020-010
Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS...
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS...
CVE-2020-14962
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php...