173 matches found
WordPress Plugin Ultimate Bootstrap Elements for Elementor Security Breach
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-23174
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...
Greenshift < 5.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Advanced...
Greenshift < 5.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Advanced Heading"...
CVE-2022-4600
A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file /admin/api/theme-edit/ of the component Product Carousel Handler. The manipulation of the argument Heading/Description leads to cross site scripting. It is possibl...
Shoplazza LifeStyle 跨站脚本漏洞
Shoplazza LifeStyle is an e-commerce website from Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1 that stems from cross-site scripting due to incorrect manipulation of the parameters Heading/Description...
Shoplazza LifeStyle 跨站脚本漏洞
Shoplazza LifeStyle is an e-commerce website by Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1, which stems from cross-site scripting due to incorrect manipulation of the parameters Subheading/Heading/Text/Button Text/Label...
CVE-2022-44945
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the headingfieldid parameter...
Rukovoditel SQL注入漏洞
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. Rukovoditel v3.2.1 version of a security vulnerability , the vulnerability stems from through the headingfield...
PT-2022-27344 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A SQL injection issue was discovered via the heading field id parameter. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2020-18468
Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...
CVE-2020-18468
Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...
CVE-2020-13588
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The headingfieldid parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...
PT-2021-9654 · Unknown · Rukovoditel Project Management App
Name of the Vulnerable Software and Affected Versions: Rukovoditel Project Management App version 2.7.2 Description: An exploitable SQL injection issue exists in the 'entities/fields' page. The heading field id parameter in this page is vulnerable to authenticated SQL injection. An attacker can...
CVE-2021-24482
The Related Posts for WordPress plugin through 2.0.4 does not sanitise its headingtext and CSS settings, allowing high privilege users admin to set XSS payloads in them, leading to Stored Cross-Site Scripting issues...
CVE-2021-24292
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget...
Related Posts for WordPress < 2.0.5 - Authenticated Stored XSS & XFS
The plugin does not sanitise its headingtext and css settings, allowing high privilege users admin to set XSS payloads in them, leading to Stored Cross-Site Scripting issues. PoC Payloads: $ m0ze"...
CVE-2021-24202
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...
Design/Logic Flaw
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...