9 matches found
EUVD-2017-18478
Malware in sbrugna...
CVE-2019-19133
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a cssheroaction=editpage request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...
Cross site scripting
DISPUTED A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
CVE-2018-10726
CVE-2018-10726 is a stored XSS vulnerability in Datenstrom Yellow 0.7.3 exploitable via the "Edit page" action. Multiple connected reports reiterate the vendor’s note that installations accessible to untrusted users should have parserSafeMode=1 in system/config/config.ini to prevent XSS. Affected...
CVE-2018-10726
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...
PT-2018-10068 · Datenstrom · Datenstrom Yellow
Name of the Vulnerable Software and Affected Versions: Datenstrom Yellow version 0.7.3 Description: A stored XSS issue was found via an "Edit page" action. The vendor disputes the relevance of this report, noting that installations accessible to untrusted users should have parserSafeMode=1 in...
CVE-2017-9547
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...
Cross site scripting
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...
CVE-2017-9547
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...