1447 matches found
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports hosting personal blog sites on servers with PHP and MySQL. The WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...
WordPress Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...
PT-2021-16333 · WordPress · Insert Pages
Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.0 Description: The issue allows users with a role as low as Contributor to access content and metadata from arbitrary posts or pages, regardless of their author and status, including private...
PT-2021-8167 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a memory leak in the perf env insert btf function when a duplicate BTF id is encountered. This function does not insert the duplicate id and causes a memory lea...
OpenSC Security Vulnerability
OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC, which can be exploited by an attacker to force the reuse of a freed OpenSC memory region via insert pin to trigger a denial of service and potentially run code...
PT-2022-11687 · Opensc +4 · Opensc +4
Name of the Vulnerable Software and Affected Versions: Opensc versions prior to 0.22.0 Description: A use after return issue was found in the insert pin function that could potentially crash programs using the library. Recommendations: For versions prior to 0.22.0, update to version 0.22.0 or lat...
GHSA-97X5-CC53-CV4V Cross site scripting in froala-editor
A cross site scripting XSS vulnerability in the Insert Video function of Froala WYSIWYG Editor allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting in froala-editor
A cross site scripting XSS vulnerability in the Insert Video function of Froala WYSIWYG Editor allows attackers to execute arbitrary web scripts or HTML...
Cross-site Scripting (XSS)
froala/wysiwyg-editor is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'html.insert' in the Insert Video function does not properly sanitize the user input, which allows a malicious attacker to inject and execute arbitrary web script...
CVE-2020-22864
A cross site scripting XSS vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-22864
CVE-2020-22864 concerns Froala WYSIWYG Editor, specifically the Insert Video function in version 3.1.0, where a cross-site scripting (XSS) vulnerability exists. The connected documents attribute the root cause to insufficient sanitization of user input in the Insert Video flow (e.g., html.insert)...
PT-2021-10802 · Froala · Froala Wysiwyg Editor
Name of the Vulnerable Software and Affected Versions: Froala WYSIWYG Editor version 3.1.0 Description: A cross site scripting XSS vulnerability in the Insert Video function of Froala WYSIWYG Editor allows attackers to execute arbitrary web scripts or HTML. Recommendations: For Froala WYSIWYG...
SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2021:3481-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3481-1 advisory. - A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While...
Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2022-02353)
Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...
CVE-2021-35576
CVE-2021-35576 is a vulnerability in Oracle Database Server's Unified Audit component affecting 12.1.0.2, 12.2.0.1 and 19c. It allows a high-privileged attacker with Local Logon and network access via Oracle Net to compromise the Unified Audit data, potentially enabling unauthorized update/insert...
Oracle Database Server has an unspecified vulnerability (CNVD-2021-84599)
Oracle Database Server is a relational database management system from Oracle Corporation USA. An unspecified vulnerability exists in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. An attacker could use this...
Oracle E-Business Suite and Oracle Applications Manager Security Vulnerability
Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...
Oracle Database Server Input Validation Error Vulnerability
Oracle Database Server is a relational database management system from Oracle Corporation USA. An unspecified vulnerability exists in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. An attacker could use this...
Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. - Create a page A - Add a custom field containing JS in...
Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. PoC - Create a page A - Add a custom field containing JS...