
15 matches found

Fedora
added 2 days ago · 8 views

[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.8 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-1295

Malicious code in bioql PyPI...

4.8 CVSS · 5.3 AI score · 0.00104 EPSS
Exploits: 0 · References: 8

RedhatCVE
added 2025/05/23 8:23 a.m. · 4 views

CVE-2024-1235

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

6.4 CVSS · 5 AI score · 0.00249 EPSS
Exploits: 0 · References: 1

OSV
added 2024/04/03 9:31 p.m. · 12 views

GHSA-R7Q4-CW9R-VHP4 Concrete CMS Stored XSS in the Custom Class page editing

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

3.1 CVSS · 4.4 AI score · 0.00104 EPSS
Exploits: 0 · References: 8

Github Security Blog
added 2024/04/03 9:31 p.m. · 26 views

Concrete CMS Stored XSS in the Custom Class page editing

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

4.8 CVSS · 6.2 AI score · 0.00104 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

NVD
added 2024/04/03 7:15 p.m. · 14 views

CVE-2024-3179

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

4.8 CVSS · 3.8 AI score · 0.00104 EPSS
Exploits: 0 · References: 2

OSV
added 2024/04/03 7:15 p.m. · 2 views

CVE-2024-3179

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

4.8 CVSS · 6.2 AI score
Exploits: 0 · References: 2

Cvelist
added 2024/04/03 6:50 p.m. · 12 views

CVE-2024-3179 Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

3.1 CVSS · 4 AI score · 0.00104 EPSS
Exploits: 0 · References: 2

CVE
added 2024/04/03 6:50 p.m. · 51 views

CVE-2024-3179

Concrete CMS is affected by a Stored XSS vulnerability in the Custom Class page editing. Versions affected are 9.x before 9.2.8 and 8.x before 8.5.16, where insufficient validation of administrator-provided data allows a rogue administrator to inject malicious code. Impact details are limited to ...

4.8 CVSS · 3.6 AI score · 0.00104 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/04/03 6:50 p.m. · 14 views

CVE-2024-3179 Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

3.1 CVSS · 3.7 AI score · 0.00104 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/03 12:0 a.m. · 1 view

PT-2024-24206 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.7 Concrete CMS versions 8.0.0 through 8.5.15 Description: The issue concerns Stored XSS in the Custom Class page editing, where a rogue administrator could insert malicious code in the custom class fiel...

4.8 CVSS · 6 AI score · 0.00104 EPSS
Exploits: 0 · References: 14

Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-17559 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.2 Description: The issue is related to Stored Cross-Site Scripting via the custom class field due to insufficient input sanitization and output escaping. Thi...

6.4 CVSS · 7.9 AI score · 0.00249 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/01/24 12:0 a.m. · 2 views

PT-2024-15701 · WordPress · Wpfront Notification Bar

Name of the Vulnerable Software and Affected Versions: WPFront Notification Bar plugin for WordPress versions up to, and including, 3.3.2 Description: The issue is related to Stored Cross-Site Scripting via the wpfront-notification-bar-optionscustom class parameter due to insufficient input...

4.8 CVSS · 5.4 AI score · 0.00191 EPSS
Exploits: 0 · References: 10

RedHat Linux
added 2022/06/06 3:11 p.m. · 1 view

h2: Loading of custom classes from remote servers through JNDI

A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...

10 CVSS · 8 AI score · 0.26568 EPSS
Exploits: 4 · References: 5

WPVulnDB
added 2021/09/27 12:0 a.m. · 22 views

NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: With the Form Builder "Dev Mode" setting enabled, create a form and a...

4.8 CVSS · 4.7 AI score · 0.00206 EPSS
Exploits: 2 · Affected Software: 1