395 matches found
PT-2024-22599 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p7; Checkmk versions prior to 2.2.0p28. Description: The issue allows users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. This is a...
SuluFormBundle Security Vulnerability
SuluFormBundle is an application from the Austrian company Sulu that creates dynamic forms. A security vulnerability exists in SuluFormBundle versions prior to 2.5.3, which stems from a cross-site scripting vulnerability due to returned input fields not being cleaned...
CVE-2024-5165 Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input
In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface (https://eclipse.dev/ditto/user-interface.html) was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were n...
CVE-2024-31431
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce. This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0...
CVE-2024-31431 WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce. This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0...
CVE-2024-31431
CVE-2024-31431: CSRF in Tyche Softwares Product Input Fields for WooCommerce affects Product Input Fields for WooCommerce versions up to 1.7.0 (no details on root cause beyond CSRF and no patch/version provided in the available documents). Affects the plugin for WooCommerce; reported by Red Hat/W...
WordPress Plugin Product Input Fields for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Product Input Fields for WooCommerce (versions <= 1.7.0)...
PT-2024-22260 · Ubee · Ubee Ddw365
Name of the Vulnerable Software and Affected Versions: UBEE DDW365 XCNDDW365 version 8.14.3105 on hardware 3.13.1. Description: The issue allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via several ASP pages, including RgFirewallEL.asp, RgDdns.asp, RgTime.asp,...
CVE-2023-42308
Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section...
Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
Description: The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks - Create a new Pricing Table...
Wallos Security Vulnerabilities
Wallos is an open source personal subscription tracker from the individual developer Miguel Ribeiro. A security vulnerability exists in Wallos version 0.9, which stems from the vulnerability to cross-site scripting (XSS) in all text-based input fields...
CVE-2023-48836
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-36637
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields...
Design/Logic Flaw
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields...
CVE-2023-38916
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields...
Stored HTML injection
Description: Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability. Steps to reproduce: 1...