5006 matches found
CVE-2022-35590
A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...
CVE-2022-35587
A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...
CVE-2022-35587
A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...
Cross site scripting
A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter...
Cross site scripting
A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...
Cross site scripting
A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...
Cross site scripting
A stored cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" Parameter...
CVE-2022-35587
Summary: ForkCMS 5.9.3 is affected by a cross-site scripting (XSS) flaw that allows remote injection of JavaScript via the publish_on_date parameter. The issue is described across multiple sources and is attributed to the handling of the spoon library charset in Kernel.php (defineForkConstants). ...
CVE-2022-35589
Summary: CVE-2022-35589 is a cross-site scripting (XSS) vulnerability in ForkCMS v5.9.3 that allows remote attackers to inject JavaScript via the publish_on_time parameter. The issue has several public entries (NVD, Red Hat, Veracode, GHSA) describing the same vector and confirm the vulnerable co...
CVE-2022-35589
A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter...
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Users of Apple’s Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make with external websites accessed via the software. Researcher Felix Krause, who outlined how Meta tracks users in a blog posted...
PT-2022-22911 · Fork Cms · Fork Cms
Name of the Vulnerable Software and Affected Versions: ForkCMS versions prior to 5.11.0 Description: A stored cross-site scripting XSS issue allows remote attackers to inject JavaScript via the start date Parameter. This issue was patched in version 5.11.0. Recommendations: For ForkCMS versions...
PT-2022-22913 · Fork · Fork
Name of the Vulnerable Software and Affected Versions: Fork version 5.9.3 Description: A cross-site scripting XSS issue allows remote attackers to inject JavaScript via the publish on time Parameter. This issue was patched in version 5.11.0, which means all versions prior to 5.11.0 are affected...
PT-2022-22914 · Fork Cms · Fork Cms
Name of the Vulnerable Software and Affected Versions: ForkCMS version 5.9.3 Description: A cross-site scripting XSS issue allows remote attackers to inject JavaScript via the end date Parameter. This issue was patched in version 5.11.0, which implies that versions prior to 5.11.0 are affected...
ForkCMS 跨站脚本漏洞
ForkCMS is a software application. An easy-to-use open source CMS using Symfony components. A security vulnerability exists in ForkCMS version 5.9.3. A remote attacker can exploit this vulnerability to inject JavaScript via the "publishontime" parameter...
PT-2022-22912 · Fork · Fork
Name of the Vulnerable Software and Affected Versions: Fork version 5.9.3 Description: A cross-site scripting XSS issue allows remote attackers to inject JavaScript via the publish on date Parameter. This issue was patched in version 5.11.0, which means all versions prior to 5.11.0 are affected...
CVE-2022-2391
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description...
CVE-2022-2391
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description...
CVE-2022-2391
CVE-2022-2391 affects the Inspiro PRO WordPress plugin. The issue stems from inadequate sanitization of the portfolio slider description, enabling stored cross-site scripting where users with privileges as low as Contributor can inject JavaScript. Affected: Inspiro PRO WordPress plugin versions e...
WordPress plugin Inspiro PRO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. The WordPress plugin Inspiro PRO suffe...