39 matches found
CVE-2026-4336 Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...
CVE-2019-16725
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...
EUVD-2019-15827
Malware in sbrugna...
EUVD-2017-1243
Malware in sbrugna...
EUVD-2019-15830
Malware in sbrugna...
EUVD-2017-18273
Malware in sbrugna...
EUVD-2021-12862
Malware in sbrugna...
EUVD-2022-31204
Malicious code in bioql PyPI...
EUVD-2022-5313
Malicious code in bioql PyPI...
BIT-JOOMLA-2024-21725 [20240204] - Core - XSS in mail address outputs
Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components...
WordPress plugin WP Attachments 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress WP Attachments plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...
CVE-2020-8421
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in comactionlogs...
CVE-2024-21725 [20240204] - Core - XSS in mail address outputs
Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components...
Flickr: Stored XSS in photos_user_map.gne
The Flickr map page was inadequately escaping the name of groups when browsing the map of a group's photos...
[20210705] - Core - XSS in com_media imagelist
Inadequate escaping in the imagelist view of commedia leads to a XSS vulnerability...
[20210701] - Core - XSS in JForm Rules field
Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability...
[20210401] - Core - Escape xss in logo parameter error pages
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages...
[20200103] - Core - XSS in com_actionlogs
Inadequate escaping of usernames allow XSS attacks in comactionlogs...
CVE-2019-6261
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in comcontact leads to a stored XSS vulnerability...
[20190102] - Core - Stored XSS in com_contact
Inadequate escaping in comcontact leads to a stored XSS vulnerability...