32 matches found
CVE-2026-10738
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '{{...}}' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-35312
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '{{...}}' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-10738
The CVE concerns the WordPress plugin jQuery Hover Footnotes, vulnerable in all versions up to 1.4. The root cause is insufficient input sanitization and output escaping in the Footnote Qualifier using a {{...}} syntax, enabling Stored XSS for authenticated users with author-level access and abov...
CVE-2026-10738 jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '{{...}}' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-10738 jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '{{...}}' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-47638
Name of the Vulnerable Software and Affected Versions: jQuery Hover Footnotes versions prior to 1.5. Description: The jQuery Hover Footnotes plugin for WordPress contains a Stored Cross-Site Scripting issue involving the Footnote Qualifier '{{...}}' Syntax. Due to insufficient input sanitization and...
EUVD-2023-2625
Malicious code in bioql PyPI...
MAL-2025-47052 Malicious code in audi-footnote-reference-service (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c035d5ff92937ddffc6c544ab41cd4721ed9e798733de1f734142b33775388ca Any computer that has this package installed or running should be considered...
CVE-2021-43827
discourse-footnote is a library providing footnotes for posts in Discourse. Impact: When posting an inline footnote wrapped in tags e.g. ^footnote, the resulting rendered HTML would include a nested , which is stripped by Nokogiri because it is not valid. This then caused a JavaScript error on top...
Malicious code in @dh-io-globalelem/footnote-reference-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b2e6d7cc2b325220bbda28fea49385ce4c68d05c1646bc6a569ca62a0f27c443 The OpenSSF Package Analysis project identified '@dh-io-globalelem/footnote-reference-component' @ 5.990.10 npm as malicious. It is considered...
Malicious code in @dh-io-globalelem/footnote-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4022d6e9ad567de4e27943e9f7b877b7f4fc8ad0dc9e8c9dcf81738af56bc2a2 The OpenSSF Package Analysis project identified '@dh-io-globalelem/footnote-component' @ 5.990.10 npm as malicious. It is considered malicious...
Malicious code in footnote-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d840202ac5d63ed914d72fb9165d5dacf64b5449aeca46d1fb168c12f7627160 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8560 Malicious code in footnote-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d840202ac5d63ed914d72fb9165d5dacf64b5449aeca46d1fb168c12f7627160 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Impact: The footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution,...
GHSA-35J5-M29R-XFQ5 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Impact: The footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution,...
Remote code execution
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
CVE-2023-37912
Summary: CVE-2023-37912 affects XWiki Rendering’s footnote macro. Prior to versions 14.10.6 (footnotes macros) and 15.1-rc-1 (footnotes macro), the footnote macro could execute content in a different context, enabling privilege escalation from a user to programming rights and potentially remote c...
CVE-2023-37912 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
CVE-2023-37912 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
XWiki Rendering Security Vulnerability
XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering that stems from a footnote macro executing its contents in possibl...