16 matches found
CVE-2021-47951 WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2021-47951
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2021-47951
CVE-2021-47951 concerns WordPress Picture Gallery 1.4.2, which has a stored cross-site scripting (XSS) flaw. The vulnerability allows authenticated attackers to inject JavaScript through the Edit Content URL field in the Access Control settings; payloads stored in the database can execute when th...
CVE-2021-47951 WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2025-14613
The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This is due to the plugin using wp_remote_get instead of wp_safe_remote_get to fetch content from a user-supplied URL in the 'url' parameter of the gcfu shortcode. This...
CVE-2020-36924
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...
CVE-2020-36924
Sony BRAVIA Digital Signage 1.7.8 is affected by a remote file inclusion vulnerability in the content material URL parameter. The issue allows attackers to inject arbitrary client-side scripts, potentially hijacking user sessions, performing cross-site scripting, and altering display content by m...
Server-side Request Forgery (SSRF)
Overview: llamafactory is an easy-to-use LLM fine-tuning framework. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the processrequest function, which processes incoming content URLs without proper validation or sanitization. An attacker can access internal...
WordPress plugin Picture Gallery 'Edit Content URL' cross-site scripting vulnerability
WordPress is a blogging platform based on the PHP language that can be used to host websites on servers that support PHP and MySQL databases, and can also be used as a content management system (CMS). WordPress plugin Picture Gallery 'Edit Content URL' has a cross-site scripting vulnerability that...
Picture Gallery < 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross-site scripting risk where authenticated users can target other authenticated users. Enter an XSS payload like "alertdocument.location in the "Content URL" field found on the plugin...
chimneypiecedesigner.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-429603 Description| Value ---|--- Affected Website:| chimneypiecedesigner.co.uk Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...
educacional.net XSS vulnerability
Vulnerable URL: http://www.educacional.net/comum/detectaflash/flashdetection.swf?flashContentURL=javascript:alert1 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 11.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
ww.bouyguesstroi.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-327956 Description| Value ---|--- Affected Website:| ww.bouyguesstroi.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
viden.jp.dk Open Redirect vulnerability
Open Bug Bounty ID: OBB-327309 Description| Value ---|--- Affected Website:| viden.jp.dk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
lsv-ohz.de Open Redirect vulnerability
Open Bug Bounty ID: OBB-325985 Description| Value ---|--- Affected Website:| lsv-ohz.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
waldgut.ch XSS vulnerability
Vulnerable URL: http://www.waldgut.ch/content/e94/e89/indexger.html?bookTitle=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown /...