3491 matches found
EUVD-2025-204625
The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...
CVE-2025-14168 WP DB Booster <= 1.0.1 - Cross-Site Request Forgery to Database Cleanup
The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...
CVE-2023-53897
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...
CVE-2023-53897
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...
CVE-2023-53897 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...
EUVD-2023-60193
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...
CVE-2023-53897
The vulnerability described for CVE-2023-53897 affects Rukovoditel 3.4.1, with multiple stored cross-site scripting flaws in project task comments. Underlying issue: stored XSS that allows an authenticated attacker to inject malicious scripts, which can execute in the browsers of victims when com...
CVE-2023-53897 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...
PT-2025-51745
Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.4.1 Description Rukovoditel version 3.4.1 has multiple stored cross-site scripting issues. Authenticated attackers can inject malicious scripts into project task comments. This allows them to execute arbitrary JavaScript ...
EUVD-2025-203408
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
PT-2025-51274
Name of the Vulnerable Software and Affected Versions MicroStudio version 24.01.29 Description A HTML Injection issue exists in the comment section of the project page. This allows remote attackers to inject arbitrary web script or HTML through the text parameter of the add project comment...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2025:03439-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03439-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232. Tenable has...
CVE-2025-51962
CVE-2025-51962 describes an HTML Injection in MicroStudio 24.01.29’s project page comments. The vulnerability arises in the add_project_comment function, allowing remote attackers to inject arbitrary scripts/HTML via the text parameter. CVSSv3.1 base score 6.1 (Medium) with NETWORK attack vector,...
microStudio 安全漏洞
microStudio is an online game engine by Gilles Individual Developers. A security vulnerability exists in microStudio version 24.01.29, which stems from an HTML injection in the comments section of the project page, which could allow a remote attacker to inject arbitrary web script or HTML via the...
SUSE CVE-2025-12756
Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...
WordPress plugin comments-secretary 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...
CVE-2025-12756
Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...