CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVE-2024-13751

The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and...