Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' through the system's Content staging feature. An...

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-83665)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Content Staging, which stems fro...

CVE-2021-39356

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

CVE-2021-39356

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

Cross site scripting

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

CVE-2021-39356 Content Staging <= 2.0.1 Authenticated Stored Cross-Site Scripting

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

CVE-2021-39356

Content Staging (WordPress) plugin ≤ 2.0.1 is vulnerable to Stored XSS due to insufficient input validation/escaping in parameters echoed by templates/settings.php. Administrative-authenticated attackers can inject arbitrary scripts; impact affects multisite and sites where unfiltered_html is dis...

CVE-2021-39356 Content Staging <= 2.0.1 Authenticated Stored Cross-Site Scripting

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Content Staging, which stems fro...

WordPress Content Staging <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress Content Staging versions = 2.0.1. Solution Deactivate and delete. This plugin has been closed as of October 15, 2021 and is not available for download. This closure is temporary, pending...