15 matches found
EUVD-2022-55979
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...
CVE-2022-50958
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...
CVE-2022-50958
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting (XSS) vulnerability in grunion-form-view.php via the post_id parameter. Unauthenticated attackers can craft URLs with script payloads in post_id to execute arbitrary JavaScript in victims’ browsers. A public exploit exists per...
CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...
CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...
CVE-2022-50958
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...
WordPress plugin Jetpack 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-39483
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post id paramete...
EUVD-2025-37000
A SQL injection vulnerability exists in CSZ-CMS =1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries...
CSZ-CMS 安全漏洞
CSZ-CMS is a PHP-based open source content management system CMS from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions, which stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...
Path Traversal in django-s3file
Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...
GHSA-4W8F-HJM9-XWGF Path Traversal in django-s3file
Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...
Liferay Portal 跨站脚本漏洞
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...
Foxit Reader and Foxit PhantomPDF for Windows Resource Management Error Vulnerability (CNVD-2019-13814)
Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. A resource management error vulnerability exists in the XFA CXFAFFDocView object in Foxit Reader 9.4.1.16828 and earlier versions, Foxit PhantomPDF 8.3.9.41099 and earlier versions, and Foxit PhantomPDF...
PT-2019-18321 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.4.0.16811 Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The...