12 matches found
GHSA-W4FJ-87J5-F25C XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
Impact: A reflected cross-site scripting (XSS) vulnerability in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...
PT-2026-32971
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 10.4-rc-1 through 16.10.15; XWiki Platform versions 17.0.0-rc-1 through 17.4.7; XWiki Platform versions 17.5.0-rc-1 through 17.10.0. Description: A reflected cross-site scripting (XSS) issue in the comparison view between pag...
IPFire Security Vulnerability
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping of the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters,...
CVE-2024-1292
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin The WP Statistics SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection. PoC: Invoke the following curl command to induce a 5 second sleep: time curl...
CVE-2022-3720
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...
Tabs < 3.7.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow high privilege users to perform Cross-Site Scripting attacks...
Covid-19 Travel Pass Management System SQL Injection Vulnerability
Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. It provides an online platform for individuals to submit travel passes within the Covid-19 restrictions. The Covid-19 Travel Pass Management System suffers from an SQL injection vulnerability that originates in...
Netgear NETGEAR Command Injection Vulnerability
Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in certain NETGEAR devices that stems from the lack of effective filtering and escaping of command parameters...
Netgear NETGEAR Command Injection Vulnerability
Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in certain NETGEAR devices that stems from the lack of effective filtering and escaping of command parameters...
Netgear NETGEAR Command Injection Vulnerability
Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in certain NETGEAR devices that stems from the lack of effective filtering and escaping of command parameters...