18 matches found
Brave CMS Cross-Site Scripting Vulnerability
Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Brave CMS has a cross-site scripting vulnerability, which arises from the CKEditor rich text editor storing and rendering input content without escaping, potentially allowing for arbitrary...
WordPress plugin Info Cards – Add Text and Media in Card Layouts Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
CVE-2026-22028
Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...
EUVD-2018-1866
Malware in sbrugna...
CVE-2014-10386
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections...
Laravel 11.0 Cross Site Scripting
/! - VULNERABILITY: Cross Site Scripting Laravel version 11.0 - Authenticated Persistent XSS - GOOGLE DORK: inurl:.com/?q= - GOOGLE DORK: Site:.com/?q= - DATE: 2024-12-01 - SECURITY RESEARCHER: E1.Coders - VENDOR: LARAVEL https://laravel.com/ - SOFTWARE LINK:...
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...
Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, "target WordPress websites from the browsers of completely innocent and...
Hackers Using Fake DDoS Protection Pages to Distribute Malware
WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims ...
CVE-2014-10386
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections...
Design/Logic Flaw
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections...
CVE-2014-10386
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections...
CVE-2014-10386
The vulnerability CVE-2014-10386 affects the WordPress wp-live-chat-support plugin prior to version 4.1.0 and involves JavaScript injections. Affected software: wp-live-chat-support plugin for WordPress. Root cause: improper handling of input allowing injection of JavaScript into the plugin’s con...
PT-2019-7062 · WordPress · Wp-Live-Chat-Support
Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 4.1.0 Description: The issue concerns JavaScript injections in the wp-live-chat-support plugin for WordPress. Recommendations: For versions prior to 4.1.0, update to version 4.1.0 or later to...
CVE-2018-1000163
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injections into the web page. This attack appears to be exploitable via the victim browsing the web console...
CVE-2018-1000163
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injections into the web page. This attack appears to be exploitable via the victim browsing the web console...
Cross site scripting
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injections into the web page. This attack appears to be exploitable via the victim browsing the web console...
CVE-2018-1000163
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injections into the web page. This attack appears to be exploitable via the victim browsing the web console...