3 matches found
CVE-2026-29066
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...
WordPress Add Chat App Button Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Add Chat App Button Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.8 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-52489 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6803fb6fee9d Credits UKO Required privilege...
WordPress WP Calameo Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software WP Calameo Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6c0b84991b1 Credits Ray Wilson Required privilege Contributor...