3 matches found
CVE-2021-24605
The createpostpage AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue...
DEBIAN-CVE-2010-1189
MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."...
CVE-2009-1694
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site...