6 matches found
EUVD-2026-34942
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...
EUVD-2021-11375
Malware in sbrugna...
CVE-2021-24459
The getresults and getitems functions in the Survey Maker WordPress plugin before 1.5.6 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
MIK.starlight authorization issue vulnerability
MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. MIK.starlight is vulnerable to authorization issues, which could allow an attacker to escalate privileges through the vulnerability...
PT-2021-17758 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 1.1.0. Description: The issue allows for the creation of an external URL that could be malicious. By not checking user input for open redirects, the URL shortener functionality would allow for a malicious user...
CVE-2020-9390
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in an iframe or by uploading an SVG that contained a script...