39 matches found
CVE-2025-8289
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...
CVE-2025-8289 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...
CVE-2025-8289
CVE-2025-8289 affects the WordPress plugin Redirection for Contact Form 7, vulnerable to unauthenticated PHP Object Injection via PHAR deserialization in delete_associated_files, for versions up to 3.2.4. Exploitation requires a form with a file upload action and the extension “Redirection For Co...
CVE-2025-8289 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...
PT-2025-33895 · WordPress +1 · Redirection For Contact Form 7 +2
Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions prior to 3.2.5 Description: The Redirection for Contact Form 7 plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the delet...
CVE-2025-53631
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
CVE-2025-53631
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
CVE-2025-53631 flaskBlog XSS Vulnerability in postContent
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
CVE-2025-53631
FlaskBlog vulnerability CVE-2025-53631 affects FlaskBlog versions prior to 2.8.1. Root cause: improper sanitization of postContent submitted to /createpost, enabling arbitrary JavaScript execution (XSS) on all pages where the post is reflected (/, /post/[ID], /admin/posts, /user/[ID]). Impact is ...
Missing Authentication for Critical Function
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the deduplicateCreatePost method. An attacker can access posts in private channels without proper...
BB Machine Forum 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scriptingXSS attacks. An attacker is able to inject and execute malicious javascript via the create post functionality...
Cross-site Scripting in Anchor CMS
A cross-site scripting XSS vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...
CVE-2021-46253
A cross-site scripting XSS vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...
CVE-2021-24605
The createpostpage AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue...
CVE-2008-2849
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-2849
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-2849
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...