Lucene search

17 matches found

RedhatCVE
added 2025/11/22 8:35 a.m. | 4 views

CVE-2025-12135

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 | AI score 4.7 | EPSS 0.00229
Exploits: 0 | References: 1

NVD
added 2025/11/21 8:15 a.m. | 2 views

CVE-2025-12135

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 | EPSS 0.00229
Exploits: 0 | References: 7

Positive Technologies
added 2025/11/21 12:00 a.m. | 2 views

PT-2025-47691

Name of the Vulnerable Software and Affected Versions: WPBookit versions up to and including 1.0.6. Description: The WPBookit plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to a missing capability check on the save custome code function, allowing unauthenticated...

CVSS 7.2 | AI score 5.5 | EPSS 0.00229
Exploits: 0 | References: 11

NVD
added 2024/08/13 4:15 a.m. | 18 views

CVE-2024-41732

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

CVSS 5.4 | EPSS 0.00116
Exploits: 0 | References: 2

CVE
added 2024/08/13 3:58 a.m. | 58 views

CVE-2024-41732

SAP NetWeaver Application Server ABAP is affected by CVE-2024-41732: an unauthenticated attacker can craft a URL that bypasses allowlists, potentially injecting CSS or links to read/modify information. Impact is limited to data confidentiality/integrity; no availability impact is stated. Affecte...

CVSS 5.4 | AI score 4.9 | EPSS 0.00116
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/08/13 3:58 a.m. | 18 views

CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

CVSS 4.7 | EPSS 0.00116
Exploits: 0 | References: 2

Vulnrichment
added 2024/08/13 3:58 a.m. | 15 views

CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

CVSS 4.7 | AI score 7.1 | EPSS 0.00116
Exploits: 0 | References: 2

Ubuntu
added 2023/06/06 6:44 a.m. | 91 views

USN-6140-1: Go vulnerabilities

It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. CVE-2022-41724, CVE-2023-24534, CVE-2023-24537 It was discovered...

CVSS 9.8 | AI score 7 | EPSS 0.00759
Exploits: 0

Hacker One
added 2022/09/07 9:32 p.m. | 18 views

Revive Adserver: Multiple cross-site scripting (XSS) vulnerabilities in Revive Adserver

Vulnerability description not provided...

CVSS 6.1 | AI score 6.2 | EPSS 0.08586
Exploits: 1

Prion
added 2022/01/03 1:15 p.m. | 15 views

Cross site scripting

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if...

CVSS 2.6 | AI score 6.1 | EPSS 0.14825
Exploits: 2 | References: 1 | Affected Software: 1

WPVulnDB
added 2021/11/30 12:00 a.m. | 56 views

LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS

The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if a setting is enabled, which will then ...

CVSS 6.1 | AI score 6.1 | EPSS 0.14825
Exploits: 2 | Affected Software: 1

Atlassian
added 2021/03/24 1:37 p.m. | 25 views

Cross Site Scripting vulnerability allows injecting HTML code into table edits

Issue Summary: Cross Site Scripting vulnerability allows injecting HTML code into table edits. Steps to Reproduce: Edit a page. Then access the Insert macro 'Info' option. A new window will open, in which the Preview option must be selected. With the help of an intermediate proxy such as burp...

AI score 0.1
Exploits: 0

ThreatPost
added 2019/01/04 5:21 p.m. | 8 views

Phishing Tactic Hides Tracks with Custom Fonts

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...

AI score 0.7
Exploits: 0 | References: 2

Prion
added 2014/01/09 12:55 a.m. | 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handler...

CVSS 4.3 | AI score 6.2 | EPSS 0.00475
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2014/01/09 12:00 a.m. | 19 views

CVE-2013-6997

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handler...

AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 7

securityvulns
added 2014/01/08 12:00 a.m. | 56 views

Open-Xchange Security Advisory 2014-01-06

Open-Xchange Security Advisory 2014-01-06. Product: Open-Xchange AppSuite. Vendor: Open-Xchange GmbH. Internal reference: 30203 (Bug ID). Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page). Vulnerable version: 7.4.0 and earlier. Vulnerable component: backend. Fixe...

CVSS 4.3 | AI score 0.1 | EPSS 0.00475
Exploits: 0

securityvulns
added 2005/07/20 12:00 a.m. | 30 views

[SA16096] PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability

Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

AI score 0.3
Exploits: 0