CVE-2026-1886 Go Night Pro | WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute
The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...
CVE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter "searchName", "alias" in the import certificate trusted page...
EUVD-2019-18375
Malware in sbrugna...
EUVD-2019-15002
Malware in sbrugna...
EUVD-2024-2830
Malicious code in bioql PyPI...
EUVD-2023-32059
Malicious code in bioql PyPI...
WordPress plugin Email Address Security by WebEmailProtector Cross-Site Scripting Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
CVE-2019-5398
A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor versions: prior to 5.0.5.1...
CVE-2025-2946 Cross-Site Vulnerability (XSS) due to arbitrary HTML/JavaScript gets executed while query result rendering in Query Tool and View/Edit Data Tool of pgAdmin 4
pgAdmin = 9.1 is affected by a security vulnerability with Cross-Site Scripting (XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser...
CVE-2024-9148
Flowise 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed 2.0.0...
BIT-GITLAB-2021-22213
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...
BIT-OPENFIRE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter "searchName", "alias" in the import certificate trusted page...
ava.sescto.com.br Cross Site Scripting vulnerability OBB-3857680
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Plugin TinyMCE and TinyMCE Advanced Professsional Formats and Styles Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Task Manager Cross-Site Scripting Vulnerability
Task Manager is an open source task manager application from Code-Projects. Task Manager suffers from a cross-site scripting (XSS) vulnerability that originates in the file /TaskManager/Projects.php...
Security Bulletin: Stored cross-site vulnerability when performing a document upload using Responsive Document Explorer affect IBM Business Automation Workflow - CVE-2023-24957
Summary IBM Business Automation Workflow is vulnerable to a Stored cross-site vulnerability when performing a document upload using Responsive Document Explorer. Vulnerability Details CVEID:CVE-2023-24957 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This...
Academy Learning Management System Cross-Site Scripting Vulnerability
Academy Learning Management System is an Academy Learning Management System from the Creativeitem team. A security vulnerability exists in Academy Learning Management System versions prior to v5.10, which can be exploited by an attacker to create arbitrary pages...
Claroline Cross-Site Scripting Vulnerability
Claroline is an open source learning management system from Claroline Open Source. A security vulnerability exists in Claroline version 13.5.7 and earlier versions. An attacker exploited the vulnerability to elevate privileges by arbitrarily creating privileged users...
IBM QRadar SIEM Cross-Site Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
Security Bulletin: Websphere Application Server which is a component of IBM Cloud Pak for Applications has a cross-site vulnerability in the Admin Console
Summary WebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. There is a cross-site vulnerability in Admin Console of the WebSphere Application Server. Information about security vulnerabilities affecting WebSphere Application Server have been published in a...