WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php
Impact: An unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption...
Cross-site Scripting (XSS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the bind:value of server-side rendered elements when user-supplied content is not properly escaped. An attacker can execute arbitrary scripts in the context...
EUVD-2011-5265
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
WordPress Rich Snippet Site Report plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Rich Snippet Site Report plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping of user-supplied parameter last and...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the first, middle, or last name fields. An attacker can execute arbitrary web scripts in the context of another user by injecting crafted payloads into these fields, which are then rendered in various widget...
CVE-2025-8280
CVE-2025-8280 concerns the WordPress plugin “Contact Form 7 reCAPTCHA” up to version 1.2.0. It reports a Reflected Cross-Site Scripting (XSS) flaw caused by failure to escape the $_SERVER['REQUEST_URI'] value before echoing it into an HTML attribute. This can allow an attacker to inject arbitrary...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the PortalUtil.escapeRedirect function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process. Details: Cross-sit...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the title field of a To-Do component. An attacker can inject malicious scripts by submitting crafted input to this field. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the |markdown filter. An attacker can inject arbitrary JS into the page by entering Markdown that is then rendered with this filter. Note: Filters that use issafe need to make sure the...
PT-2023-22782 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery (affected versions not specified). Description: The Archery project contains multiple SQL injection vulnerabilities, allowing an attacker to query connected databases. The issue arises from the explain method in sql optimize.py, where us...