21 matches found

CNNVD
added 2026/02/03 12:0 a.m. · 2 views

Craft Commerce cross-site scripting vulnerability

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability arises due to the transport category names and descriptions being...

CVSS 6.2 · AI score 6.5 · EPSS 0.00025
Exploits 1 · References 5
CNNVD
added 2026/02/03 12:0 a.m. · 4 views

Craft Commerce cross-site scripting vulnerability

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability arises due to the tax category names and descriptions being improperl...

CVSS 6.1 · AI score 6.5 · EPSS 0.00025
Exploits 1 · References 5
ATTACKERKB
added 2026/01/28 8:11 p.m. · 5 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2026/01/28 8:11 p.m. · 4 views

EUVD-2026-4869

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 1
Cvelist
added 2026/01/28 8:11 p.m. · 26 views

CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 · EPSS 0.00055
Exploits 0 · References 1
Cvelist
added 2025/11/04 11:19 a.m. · 13 views

CVE-2025-12045 Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output...

CVSS 6.4 · EPSS 0.00045
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-11516

Malware in sbrugna...

CVSS 4.8 · AI score 5.2 · EPSS 0.00225
Exploits 2 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-5091

Malware in sbrugna...

CVSS 7.5 · AI score 6.1 · EPSS 0.01774
Exploits 5 · References 12
RedhatCVE
added 2025/05/22 8:43 p.m. · 1 view

CVE-2021-39161

Discourse is an open source platform for community discussion. In affected versions category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed...

CVSS 5.4 · AI score 6 · EPSS 0.00256
Exploits 0 · References 1
ATTACKERKB
added 2022/05/04 3:15 p.m. · 1 view

CVE-2022-29950

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...

CVSS 4.3 · AI score 5.9 · EPSS 0.00167
Exploits 1 · References 3
OSV
added 2021/09/20 10:15 a.m. · 2 views

CVE-2021-24604

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 5.8 · EPSS 0.00225
Exploits 2 · References 1
NVD
added 2021/09/20 10:15 a.m. · 13 views

CVE-2021-24604

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 · EPSS 0.00225
Exploits 2 · References 1
Prion
added 2021/09/20 10:15 a.m. · 14 views

Cross site scripting

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 3.5 · AI score 4.9 · EPSS 0.00225
Exploits 2 · References 1 · Affected Software 1
CNNVD
added 2021/09/20 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

CVSS 4.8 · AI score 4.9 · EPSS 0.00225
Exploits 2 · References 2
Prion
added 2021/08/26 8:15 p.m. · 27 views

Cross site scripting

Discourse is an open source platform for community discussion. In affected versions category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed...

CVSS 2.1 · AI score 5 · EPSS 0.00256
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2021/08/26 12:0 a.m. · 2 views

PT-2021-22418 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions. Description: The issue allows category names to be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and...

CVSS 5.4 · AI score 5.1 · EPSS 0.00256
Exploits 0 · References 6
CNNVD
added 2021/05/11 12:0 a.m. · 2 views

Liferay Portal and Liferay DXP cross-site scripting vulnerability

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 6.1 · AI score 6.4 · EPSS 0.00474
Exploits 0 · References 4
NVD
added 2020/06/10 6:15 p.m. · 11 views

CVE-2020-14012

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...

CVSS 5.4 · EPSS 0.00191
Exploits 1 · References 1
NVD
added 2012/10/22 11:55 p.m. · 13 views

CVE-2012-5168

ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php...

CVSS 7.5 · AI score 6.5 · EPSS 0.01774
Exploits 5 · References 9
Cvelist
added 2012/10/22 11:0 p.m. · 25 views

CVE-2012-5168

ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php...

AI score 6.5 · EPSS 0.01774
Exploits 5 · References 9