19 matches found

RedhatCVE
added 2026/06/05 7:37 p.m., 10 views

CVE-2026-47694

WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...

CVSS 5.4, AI score 5.4, EPSS 0.00162
Exploits: 1, References: 1

EUVD
added 2026/06/04 6:46 p.m., 15 views

EUVD-2026-33304

WWBN AVideo: Stored XSS via unescaped Gallery category description...

CVSS 5.4, AI score 5.8, EPSS 0.00162
Exploits: 1, References: 2

ATTACKERKB
added 2026/05/29 1:0 p.m., 11 views

CVE-2026-47694

WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...

CVSS 5.4, AI score 5.8, EPSS 0.00162
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/05/29 1:0 p.m., 10 views

CVE-2026-47694 WWBN AVideo: Stored XSS via unescaped Gallery category description

WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...

CVSS 5.4, AI score 5.8, EPSS 0.00162
Exploits: 1, References: 1

CNNVD
added 2026/05/29 12:0 a.m., 11 views

WWBN AVideo security vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from storing user-input category descriptions as raw HTML during Gallery view rendering. This allows...

CVSS 5.4, AI score 5.7, EPSS 0.00162
Exploits: 1, References: 1

Positive Technologies
added 2026/05/29 12:0 a.m., 9 views

PT-2026-44848

Name of the Vulnerable Software and Affected Versions: AVideo versions 29.0 and earlier. Description: AVideo stores category descriptions from user input and renders the category description variable as raw HTML in the Gallery view. A user with permissions to create or edit categories can inject...

CVSS 5.4, AI score 5.8, EPSS 0.00162
Exploits: 1, References: 4

EUVD
added 2026/03/31 5:39 p.m., 4 views

EUVD-2026-17550

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

CVSS 5.4, AI score 5.8, EPSS 0.00167
Exploits: 0, References: 2

Positive Technologies
added 2026/03/31 12:0 a.m., 6 views

PT-2026-29306

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

CVSS 5.4, AI score 5.8, EPSS 0.00167
Exploits: 0, References: 6

RedhatCVE
added 2026/02/15 7:10 a.m., 10 views

CVE-2026-0693

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wp_kses_data output filter for term_description, link_description,...

CVSS 4.4, AI score 5.7, EPSS 0.00237
Exploits: 0, References: 1

NVD
added 2026/02/14 7:16 a.m., 34 views

CVE-2026-0693

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wp_kses_data output filter for term_description, link_description,...

CVSS 4.4, EPSS 0.00237
Exploits: 0, References: 3

Cvelist
added 2026/02/14 6:42 a.m., 26 views

CVE-2026-0693 Allow HTML in Category Descriptions <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wp_kses_data output filter for term_description, link_description,...

CVSS 4.4, EPSS 0.00237
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/14 6:42 a.m., 4 views

CVE-2026-0693

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wp_kses_data output filter for term_description, link_description,...

CVSS 4.4, AI score 5.7, EPSS 0.00237
Exploits: 0, References: 4

CVE
added 2026/02/14 6:42 a.m., 14 views

CVE-2026-0693

CVE-2026-0693: Stored XSS in the WordPress plugin Allow HTML in Category Descriptions (versions up to 1.2.4). The flaw stems from unconditionally removing the wp_kses_data output filter for term_description, link_description, link_notes, and user_description without capability checks, enabling a...

CVSS 4.4, AI score 5.7, EPSS 0.00237
Exploits: 0, References: 3

Vulnrichment
added 2026/02/14 6:42 a.m., 2 views

CVE-2026-0693 Allow HTML in Category Descriptions <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wp_kses_data output filter for term_description, link_description,...

CVSS 4.4, AI score 5.7, EPSS 0.00237
Exploits: 0, References: 3

CNNVD
added 2026/02/14 12:0 a.m., 7 views

WordPress plugin Allow HTML in Category Descriptions cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.4, AI score 5.6, EPSS 0.00237
Exploits: 0, References: 3

Patchstack
added 2026/02/13 10:35 p.m., 6 views

WordPress Allow HTML in Category Descriptions plugin <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Allow HTML in Category Descriptions versions <= 1.2.4...

CVSS 4.4, AI score 5.4, EPSS 0.00237
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/02/03 12:0 a.m., 7 views

Craft Commerce cross-site scripting vulnerability

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability arises due to the tax category names and descriptions being improperl...

CVSS 6.1, AI score 6.5, EPSS 0.00261
Exploits: 1, References: 5

Positive Technologies
added 2026/01/24 12:0 a.m., 6 views

PT-2026-4589

Name of the Vulnerable Software and Affected Versions: Allow HTML in Category Descriptions plugin for WordPress (affected versions not specified). Description: The “Allow HTML in Category Descriptions” plugin for WordPress has a flaw where it incorrectly removes security checks on input data...

CVSS 4.4, AI score 5.2, EPSS 0.00237
Exploits: 0, References: 7

NVD
added 2020/06/10 6:15 p.m., 15 views

CVE-2020-14012

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...

CVSS 5.4, EPSS 0.0051
Exploits: 1, References: 1