15 matches found
CVE-2024-41709
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...
EUVD-2009-4498
Malware in sbrugna...
EUVD-2025-10805
Malicious code in bioql PyPI...
CVE-2025-43776
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA...
CVE-2025-43776
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA...
CVE-2025-43776
CVE-2025-43776 is a stored cross-site scripting vulnerability in Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–Q2.9 (plus earlier 2024 Q1–Q4 releases) where an authenticated attacker can inject JavaScript via the Custom Object field label. The malicious payload is stored and executed v...
CVE-2025-43776
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA...
CVE-2024-45429
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...
WordPress plugin Advanced Custom Fields和WordPress plugin Advanced Custom Fields Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Ninja Forms < 3.6.34 - Admin+ Stored XSS
Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however the...
CVE-2021-24700
CVE-2021-24700 – Forminator WordPress plugin vulnerability : The WordPress Forminator plugin versions before 1.15.4 do not sanitize and escape the email field label, enabling stored Cross-Site Scripting (XSS) by high-privilege users. Affected software: Forminator Form plugin for WordPress; vulner...
Cross site scripting
Cross-site scripting XSS vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrateui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label...
Cross site scripting
Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label...
CVE-2009-4532
Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label...
CVE-2009-4532
Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label...