
20 matches found

NVD
added 2025/11/18 8:15 a.m. · 4 views

CVE-2025-11267

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'veucustomcss' parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the user-supplied Custom CSS value. This makes i...

CVSS 6.4 · EPSS 0.00037
Exploits: 0 · References: 4

CVE
added 2025/11/18 7:30 a.m. · 12 views

CVE-2025-11267

The VK All in One Expansion Unit WordPress plugin is affected by a Stored XSS in the _veu_custom_css value across versions up to 9.112.1. The vulnerability stems from insufficient input sanitization and output escaping, enabling authenticated attackers with Contributor-level access or higher to i...

CVSS 6.4 · AI score 4.7 · EPSS 0.00037
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/21 6:27 p.m. · 6 views

CVE-2009-1616

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...

CVSS 4.3 · AI score 5.8 · EPSS 0.01598
Exploits: 1 · References: 1

Positive Technologies
added 2025/02/04 12:0 a.m. · 1 views

PT-2025-1907 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.7.6 Description: The issue is related to Stored Cross-Site Scripting via the block css and inner css parameters due to insufficient input sanitizati...

CVSS 6.4 · AI score 8 · EPSS 0.00095
Exploits: 0 · References: 7

OSV
added 2024/05/14 4:15 p.m. · 0 views

CVE-2023-6812

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 5.8 · EPSS 0.00285
Exploits: 0 · References: 2

NVD
added 2024/01/11 7:15 a.m. · 13 views

CVE-2023-6699

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVSS 9.1 · AI score 9.1 · EPSS 0.0413
Exploits: 0 · References: 2

OSV
added 2024/01/11 7:15 a.m. · 2 views

CVE-2023-6699

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVSS 7.5 · AI score 7.4 · EPSS 0.0413
Exploits: 0 · References: 2

Positive Technologies
added 2024/01/05 12:0 a.m. · 2 views

PT-2024-15056 · WordPress · Wp Compress – Image Optimizer

Name of the Vulnerable Software and Affected Versions: WP Compress – Image Optimizer All-In-One plugin for WordPress versions up to, and including, 6.10.33 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

CVSS 9.1 · AI score 7.9 · EPSS 0.0413
Exploits: 0 · References: 7

OSV
added 2021/04/05 7:15 p.m. · 0 views

CVE-2021-24208

The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets though the custom HTML widget requires sending a crafted request - it appears that this...

CVSS 5.4 · AI score 6.1
Exploits: 0 · References: 2

CNVD
added 2018/01/11 12:0 a.m. · 1 views

WordPress Easy Custom Auto Excerpt Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports PHP and MySQL servers for setting up a personal blog site. Easy Custom Auto Excerpt plugin is used in one of the document collection plugin. A cross-site scripting...

CVSS 5.4 · AI score 6.2 · EPSS 0.0018
Exploits: 1 · References: 1

OpenVAS
added 2016/08/24 12:0 a.m. · 14 views

NUUO NVRmini 2 <= 3.0.8 LFI Vulnerability - Active Check

NUUO NVRmini 2 devices are prone to a local file disclosure LFI vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 7.2
Exploits: 0 · References: 3

CNVD
added 2016/08/09 12:0 a.m. · 1 views

NUUO NVRmini 2 Local File Information Disclosure Vulnerability

NUUO provides a stable and high performance digital networked surveillance system. NUUO NVRmini 2 suffers from a local file information disclosure vulnerability when an improperly validated 'css' parameter is passed into the 'cssparser.php' script. An attacker can exploit this vulnerability to le...

AI score 6
Exploits: 0 · References: 1

seebug.org
added 2014/07/01 12:0 a.m. · 9 views

Active Calendar 1.2 data/m_2.php css Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 9 views

Active Calendar 1.2 data/m_3.php css Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 32 views

M-TECH P-Synch 6.2.5 nph-psf.exe css Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a...

AI score 7.1
Exploits: 0

NVD
added 2009/11/29 1:7 p.m. · 9 views

CVE-2009-4088

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to...

CVSS 6.8 · AI score 7.2 · EPSS 0.15234
Exploits: 1 · References: 8

Cvelist
added 2009/11/27 8:45 p.m. · 19 views

CVE-2009-4088

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to...

AI score 7.2 · EPSS 0.15234
Exploits: 1 · References: 8

NVD
added 2009/05/11 8:30 p.m. · 11 views

CVE-2009-1616

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...

CVSS 4.3 · AI score 5.5 · EPSS 0.01598
Exploits: 1 · References: 5

Prion
added 2009/05/11 8:30 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...

CVSS 4.3 · AI score 5.9 · EPSS 0.01598
Exploits: 1 · References: 5 · Affected Software: 1

CVE
added 2007/02/26 5:0 p.m. · 55 views

CVE-2007-1111

CVE-2007-1111 affects ActiveCalendar 1.2.0 with multiple XSS vulnerabilities in data/ via the css parameter to nine PHP scripts (flatevents.php, js.php, mysqlevents.php, m_2.php, m_3.php, m_4.php, xmlevents.php, y_2.php, y_3.php). Root cause: improper handling of user-supplied css parameter leads...

CVSS 6.8 · AI score 5.8 · EPSS 0.0232
Exploits: 1 · References: 15 · Affected Software: 1