10 matches found
CVE-2021-47924 WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price
Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...
AZL-74778 CVE-2026-0992 affecting package libxml2 for versions less than 2.10.4-10
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...
CVE-2025-49331
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through = 3.4.3...
PT-2024-7007 · Oracle · Oracle Product Hub +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a vulnerability in the Item Catalog component of Oracle Product Hub, which can be exploited by a low-privileged attacker with network access via HTTP...
art-catalog.ru Cross Site Scripting vulnerability OBB-3035124
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Sitecore CRM Catalog Traversal Vulnerability
Sitecore CRM is a suite of customer relationship management solutions from Sitecore Denmark. A target traversal vulnerability exists in Sitecore CRM version 8.1 Rev 151207. A remote attacker can exploit this vulnerability to conduct a directory traversal attack and read arbitrary files...
tigres.ua XSS vulnerability
Vulnerable URL: http://tigres.ua/warehouse/catalogue/tigres/toys/mild/xxl-size/?search=xx' onmouseover='alert/XSSPOSED/'
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4692412
Goog...
Sql injection
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646...
Full Disclosure: Windows File Protection Old Security Catalog Vulnerability
SECURITY ALERT Windows File Protection Old Security Catalog Vulnerability December 26, 2002 Full Disclosure, [email protected] and others August 26, 2002 Private Disclosure, Microsoft Press and others Jason Coombs...
Security Update: [CSSA-2002-SCO.3] UnixWare 7: message catalog environment variable vulnerability
To: [email protected] [email protected] [email protected] Caldera International, Inc. Security Advisory Subject: UnixWare 7: message catalog environment variable vulnerability Advisory number: CSSA-2002-SCO.3 Issue date: 2002 February 7 Cross reference: 1. Problem Descripti...