22 matches found
CVE-2026-42841
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters...
Stack-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
CVE-2025-13966
CVE-2025-13966 : The Paypal Payment Shortcode plugin for WordPress is vulnerable to a stored XSS via the buttom_image parameter in the [paypal-shortcode] shortcode, affecting all versions up to 1.01. The Wordfence Vulnerability DB notes that this requires Contributor+ access and that a patch is n...
WordPress Paypal Payment Shortcode plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'buttomimage' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Paypal Payment Shortcode versions = 1.01...
TencentOS Server 4: grafana (TSSA-2025:0594)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0594 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2024-27888 · WordPress · Salient Shortcodes
Name of the Vulnerable Software and Affected Versions: Salient Shortcodes plugin for WordPress versions up to, and including, 1.5.3 Description: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion via the icon shortcode image attribute. This allows authenticated...
WordPress WP Chat App plugin <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Block Image Attribute vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin WP Chat App versions = 3.6.2...
Buffer overflow
Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009...
Cross site scripting
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in image attribute specification...
XSS in the wikirenderer component - CVE-2019-8444
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in image attribute specification...
Sandbox Restrictions Bypass
OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger...
Pandao Editor.md Cross-Site Scripting Vulnerability
Pandao Editor.md is an open source online Markdown a markup language editor components. A cross-site scripting vulnerability exists in Pandao Editor.md version 1.5.0, which can be exploited by remote attackers to gain administrator privileges with a specially crafted invalid IMG element attribute...
CVE-2014-9212
Multiple cross-site scripting XSS vulnerabilities in Altitude uAgent in Altitude uCI Unified Customer Interaction 7.5 allow remote attackers to inject arbitrary web script or HTML via 1 an email hyperlink or the 2 style parameter in the image attribute section...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Altitude uAgent in Altitude uCI Unified Customer Interaction 7.5 allow remote attackers to inject arbitrary web script or HTML via 1 an email hyperlink or the 2 style parameter in the image attribute section...
phpyun多漏洞组合写shell(有条件限制)
简要描述: phpyun多漏洞组合写shell有条件限制 详细说明: 1. Phpyun的后台基本都有token。 之所以说基本,是因为还漏掉了一个关键的地方。 Phpyun的管理员帐号密码都在phpyunadminuser表中。 用上面的方法进行备份,是没有token的 限制条件 http://wooyun.org/bugs/wooyun-2014-064004 感谢u神 然后如下。 2. 好的,再来说如果实现上面这个get的问题。 我们注册一个企业用户。 然后在添加一个表情,然后修改图片属性,地址。...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...