CVE-2023-41734
CVE-2023-41734 affects the WordPress plugin Insert Estimated Reading Time (nigauri)
Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-003)
The version of postgresql installed on the remote host is prior to 11.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL11-2023-003 advisory. A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let...
CVE-2023-42426
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...
Froala Editor Cross-Site Scripting Vulnerability
Froala Editor is a powerful JavaScript rich text editor for individual developers. A cross-site scripting vulnerability exists in Froala Editor v.4.1.1. A remote attacker can exploit this vulnerability to execute arbitrary code via the "Insert link" parameter in the "Insert Image" component...
PT-2023-28334 · Froala · Froala Editor
Name of the Vulnerable Software and Affected Versions: Froala Editor version 4.1.1. Description: A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary code via the Insert link parameter in the Insert Image component. This enables attackers to inject malicious code,...
Cross Site Scripting
froala-editor and froala/wysiwyg-editor are vulnerable to Cross Site Scripting. The vulnerability is due to the Insert Link functionality, which does not properly sanitize or validate the link that the user provides, resulting in Cross Site Scripting...
CVE-2023-42371
Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component...
Cross site scripting
Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component...
Summernote Rich Text Editor Cross-Site Scripting Vulnerability
Summernote Rich Text Editor is a rich text editor from Summernote. A cross-site scripting vulnerability exists in Summernote Rich Text Editor v.0.8.18 and prior versions, which originates from a vulnerability that could allow a remote attacker to execute arbitrary code via a crafted script in the...
WordPress Insert Estimated Reading Time Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Insert Estimated Reading Time; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41734; Patch priority: Low; CVSS severity: Low (5.9); PSID: 640ae1572beb; Credits: Rio Darmawan...
CVE-2023-39560
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php...
ECTouch SQL Injection Vulnerability
ECTouch is an open source mobile mall system for building an enterprise's own mobile mall. ECTouch v2 contains a SQL injection vulnerability in the id parameter of \default\helpers\insert.php...
GHSA-RCX8-48PC-V9Q8 mail-internals use-after-free vulnerability in `vec_insert_bytes`
Incorrect reallocation logic in the function `vec_insert_bytes` causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-* suite is unmaintained and the upstream sources have...
Online Travel Agency System Cross-Site Scripting Vulnerability
Online Travel Agency System is an online travel agency system. Online Travel Agency System v1.0 contains a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the description parameter of insert.php; an attacker can...