5077 matches found
CVE-2025-64027
Snipe-IT v8.3.4 build 20218 contains a reflected cross-site scripting XSS vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progressmessage value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the...
CVE-2025-64027
Snipe-IT v8.3.4 build 20218 contains a reflected cross-site scripting XSS vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progressmessage value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the...
CVE-2025-64027
Snipe-IT v8.3.4 build 20218 contains a reflected cross-site scripting XSS vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progressmessage value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the...
PT-2025-47606
Name of the Vulnerable Software and Affected Versions Snipe-IT version 8.3.4 build 20218 Description The software contains a reflected cross-site scripting XSS issue within the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress message value that is...
CVE-2025-13133
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into export...
EUVD-2025-198102
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13145
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
WordPress plugin WP Import – Ultimate CSV XML Importer 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...
PT-2025-47438
Name of the Vulnerable Software and Affected Versions WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.33.1 Description The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to PHP Object Injection due to the deserialization of untrusted data from CS...
WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability
Authenticated Administrator+ PHP Object Injection via CSV Import vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.33.1...
CVE-2025-13133
The CVE-2025-13133 entry concerns the WordPress plugin Simple User Import Export (versions
CVE-2025-12823
The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
EUVD-2025-197946
The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-12823 CSV to SortTable <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-12823
CVE-2025-12823 affects the WordPress CSV to SortTable plugin (versions ≤ 4.2). The root cause is insufficient input sanitization and output escaping on the csv shortcode attributes, enabling Stored Cross-Site Scripting for authenticated attackers with Contributor-level access or higher. The attac...
PT-2025-47286
Name of the Vulnerable Software and Affected Versions Simple User Import Export plugin for WordPress versions up to and including 1.1.7 Description The Simple User Import Export plugin for WordPress is susceptible to CSV Injection through the 'Import/export users' function. This allows...
📄 Snipe-IT 8.3.4 Cross Site Scripting
Snipe-IT version 8.3.4 suffers from a cross site scripting vulnerability. Product Info Snipe-IT is a free and open-source IT asset management system FOSS built on Laravel. It provides hardware asset tracking, software license management, accessories, and consumables inventory features for IT...
WordPress plugin CSV to SortTable 跨站脚本漏洞
WordPress CSV to SortTable plugin is WordPress plugin for converting CSV files to interactive sorting tables. The WordPress CSV to SortTable plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...