5 matches found
CVE-2020-8429
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs...
CVE-2024-1712
The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2021-24233
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...
[SA13202] Aztek Forum Cross-Site Scripting Vulnerabilities
TITLE: Aztek Forum Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA13202 VERIFY ADVISORY: http://secunia.com/advisories/13202/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Aztek Forum http://secunia.com/product/4254/ DESCRIPTION: benji lemien has...
[SA12840] DevoyBB Unspecified Cross-Site Scripting and SQL Injection Vulnerabilities
TITLE: DevoyBB Unspecified Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA12840 VERIFY ADVISORY: http://secunia.com/advisories/12840/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: DevoyBB 1.x...