12 matches found
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin FV Flowplayer Video Player Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Cross-site Scripting (XSS)
Overview: krayin/laravel-crm is a hand-tailored CRM framework built on some of the hottest open-source technologies, such as Laravel (a PHP framework) and Vue.js (a progressive JavaScript framework). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized input in th...
PT-2026-28615
Name of the Vulnerable Software and Affected Versions: njzjz/wenxian affected versions not specified Description: A command injection flaw exists in a GitHub Actions workflow due to the direct use of untrusted user input from issue comment.body within a shell command. The workflow is triggered by...
CVE-2019-25403
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browse...
CVE-2019-25403 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admin_profiles
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browse...
PT-2024-40250 · Passbolt · Passbolt
Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified Description: The issue allows a user to inject bash code during the installation stage of Passbolt, as the system does not perform escaping or verification on the input provided for the username, e-mai...
Vulnerability in the VPN server of the Totolink X2000R router firmware that allows attackers to perform cross-site scripting attacks
A vulnerability in the VPN server of the Totolink X2000R router firmware stems from a failure to preserve web page structure when processing the “Comment” input field. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attack...
TOTOLINK T10 Buffer Error Vulnerability
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10v2 version 5.9c.5061B20200511, which originates from the comment parameter in the setStaticDhcpConfig of /lib/cstemodules/lan.so that fails to correctly...
CVE-2017-11414
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/appcomment/syscomment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']...
b2evolution 4.0.3 Cross Site Scripting
Software: b2evolution 4.0.3. Vulnerability: Persistent Cross-site Scripting. Threat Level: Moderate 2/5. Download: http://b2evolution.net/ Vendor Contact Date: 3/15/2011...
apnaspace.txt
Apnaspace.com: a MySpace-type site for Arab & Indian teens. Homepage: http://www.http://www.apnaspace.com Affected files: Comment input box; Posting a blog entry (Entry title, Entry body); Viewing a profile; Posting a bulletin; Commenting on a picture; Sending mail to someone...