5057 matches found
CVE-2022-2413
The CVE-2022-2413 issue affects the Slide Anything WordPress plugin prior to 2.3.47. Root cause: the slide title is not properly sanitized/escaped before output in admin pages, enabling a logged-in user with roles as low as Author to inject JavaScript payloads. Impact: cross-site scripting in adm...
WordPress plugin Slide Anything Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-11527 · WordPress · Slide Anything
Name of the Vulnerable Software and Affected Versions: Slide Anything WordPress plugin versions prior to 2.3.47 Description: The issue arises from the improper sanitization or escaping of the slide title before it is outputted in the admin pages. This allows a logged-in user with roles as low as...
WordPress plugin Dokan security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability previously...
Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript tha...
Cross Site Scripting (XSS)
github.com/gofiber/template is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper validation and sanitization of user input via the template engine. This issue can be exploited by attacker via injecting malicious JavaScript via the template engine resulting in XSS...
VulnCheck KEV: CVE-2023-6000
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...
CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...
EUVD-2023-58267
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...
Stored Cross Site Scripting (XSS)
Winter CMS is vulnerable to Stored Cross Site Scripting XSS. The vulnerability is due to improper sanitization within the rename functionality of files after uploads to the Media Manager. This issue can be exploited by an attacker with the media.managemedia permission to upload a file and later...
Input validation
Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the...
CVE-2023-50924
CVE-2023-50924 affects the Englesystem shift planning system. Prior to v3.4.1, it performed insufficient validation of user-supplied data in the DECT number, mobile number, and work-log comment fields. This allowed an authenticated user to inject JavaScript into other users’ sessions, with the in...
CVE-2023-50924 Stored XSS in Overview and Output fields
Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the...
PT-2023-31712 · Unknown · Englesystem
Name of the Vulnerable Software and Affected Versions: Englesystem versions prior to 3.4.1 Description: Englesystem is a shift planning system for chaos events. The system performed insufficient validation of user-supplied data for the DECT number, mobile number, and work-log comment fields. This...
CVE-2023-51458
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Cross site scripting
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Cross site scripting
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Cross site scripting
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Cross site scripting
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Cross site scripting
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...