3 matches found
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the linkHref field handling. An attacker can execute arbitrary JavaScript by supplying a javascript: URL in an image widget's link URL field and having it rendered on the page. This affects...
PT-2025-45582
Name of the Vulnerable Software and Affected Versions qianfox FoxCMS versions up to 1.2.16 Description A cross-site scripting issue exists in the add/edit function of the app/admin/controller/Product.php file. Manipulation of the Title argument can trigger this issue. The attack can be initiated...
Define the security for which plugins can be used by which users on which pages
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-34095. panel This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allow...