22 matches found
CVE-2025-15369
CVE-2025-15369 affects the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...
CVE-2025-5114
A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...
CVE-2023-2057
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin=Arctype=edit of the component New Picture Handler. The manipulation of the argument litpicloca leads to cross site scripting. It is possible to launch t...
CVE-2022-25979
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor function...
BIT-OPENCART-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function...
GHSA-J2V2-3784-VR44 Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references. Original Description: OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function...
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references. Original Description: OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function...
CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function...
CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function...
CVE-2024-36694
OpenCart 4.0.2.3 is affected by a Server-Side Template Injection (SSTI) in the Theme Editor Function. The root cause is improper validation/sanitization of user input within the Theme Editor, allowing server-side template code execution. Documented impact indicates potential high severity with se...
CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function...
PT-2024-27131
Name of the Vulnerable Software and Affected Versions: OpenCart version 4.0.2.3. Description: The issue is related to a Server-Side Template Injection (SSTI) vulnerability via the Theme Editor Function. This allows attackers to execute arbitrary code by injecting a crafted payload. Recommendations: For...
CVE-2020-23066
Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function...
CVE-2020-23066
Rejected reason: DO NOT USE THIS CVE ID NUMBER. Consult IDs: CVE-2020-17480. Reason: This CVE Record is a duplicate of CVE-2020-17480. Notes: All CVE users should reference CVE-2020-17480 instead of this record...
SUSE CVE-2012-4213
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors...
jSuites subject to Cross-site Scripting
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor function...
CVE-2022-25979
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor function...
Cross site scripting
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor function...
CVE-2022-25979
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor function...
Jsuites cross-site scripting vulnerability
Jsuites is a set of lightweight, commonly used JavaScript web components. A security vulnerability exists in Jsuites versions prior to 5.0.1, which stems from improper sanitization of user input in its Editor function and allows an attacker to carry out cross-site scripting...