243 matches found
CVE-2020-14962
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php...
CVE-2020-14962
The CVE-2020-14962 issue affects the WordPress Final Tiles Gallery/FTG Lite plugin (versions before 3.4.19). The underlying vulnerability is Cross-Site Scripting (XSS) in the image handling: attacker-supplied input in the image Title (imageTitle) or Description (caption) fields passed to wp-admin...
PT-2020-6782 · Unknown · Beaver Builder
Name of the Vulnerable Software and Affected Versions: Beaver Builder versions up to, and including, 2.5.5.2. Description: The issue arises from insufficient input sanitization and output escaping in the 'Caption - On Hover' value associated with images. This allows authenticated attackers with...
PT-2020-6784 · Unknown · Beaver Builder
Name of the Vulnerable Software and Affected Versions: Beaver Builder versions up to, and including, 2.5.5.2. Description: The issue arises from insufficient input sanitization and output escaping of the caption parameter when uploading media files through the Beaver Builder editor. This allows...
CVE-2015-9419
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section...
Design/Logic Flaw
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section...
CVE-2015-9419
CVE-2015-9419 affects the Captain Slider WordPress plugin, version 1.0.6, which is vulnerable to cross-site scripting via a Title or Caption section. The NVD records CVSS v2 base score 4.3 (MEDIUM) and CVSS v3.1 base score 6.1 (MEDIUM). No exploitation status or patches are detailed in the provid...
CVE-2016-10988
The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebookmessage, facebooklinkname, facebookcaption, facebookdescription, defaultimage, or wphttpreferer...
CVE-2019-16145
The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption...
CVE-2019-14297
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx...
Information Disclosure
Firefox, Firefox ESR and Thunderbird are vulnerable to information disclosure. Remote attackers could exploit the vulnerable Video Caption Handler component by loading video captions from other domains to cause potential information disclosure for video captions...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget) Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Add/Edit Widget Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Vendor Homepage: https://www.veeam.com/ Software Link:...
CVE-2019-9168
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption...
Cross site scripting
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption...
imagemagick/ping_mvg_fuzzer: Crash in GlobExpression
Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5703754605658112 Project: imagemagick Fuzzer: libFuzzer_imagemagick_ping_mvg_fuzzer Fuzz target binary: ping_mvg_fuzzer Job Type: libfuzzer_asan_imagemagick Platform Id: linux Crash Type: UNKNOWN RE...
May 23, 2018—KB4100403 (OS Build 17134.81)
May 23, 2018—KB4100403 (OS Build 17134.81). Note: This release also contains updates for Microsoft HoloLens (OS Build 17134.80) released May 22, 2018. Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes...
CVE-2018-7717
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1...
UBUNTU-CVE-2017-14741
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file...