Lucene search
5947 matches found

Prion
added 2021/11/22 5:15 p.m. · 11 views

Design/Logic Flaw

This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed...

4.3 CVSS · 6.3 AI score · 0.00813 EPSS
Exploits 1 · References 2

CNVD
added 2021/11/21 12:0 a.m. · 5 views

WordPress Preview E-Mails for WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on servers with PHP and MySQL. WordPress Plugin is an open source WordPress application plugin. A cross-site scripting vulnerability exists in the...

6.1 CVSS · 6.1 AI score · 0.01131 EPSS
Exploits 3 · References 1

NCSC
added 2021/11/18 12:0 a.m. · 3 views

Vulnerabilities fixed in IBM Security SiteProtector System

IBM has fixed two vulnerabilities in SiteProtector. A malicious party can exploit the vulnerabilities to execute arbitrary JavaScript code in the Web interface to potentially gain access to system data or sensitive data, such as credentials. To do this, the malicious party must...

5.4 CVSS · 7.3 AI score · 0.01075 EPSS
Exploits 0

OSV
added 2021/11/17 8:15 p.m. · 1 views

DEBIAN-CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

5.4 CVSS · 6.9 AI score · 0.0147 EPSS
Exploits 0 · References 1

OSV
added 2021/11/17 7:15 p.m. · 1 views

DEBIAN-CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result...

5.4 CVSS · 6.9 AI score · 0.01257 EPSS
Exploits 0 · References 1

OSV
added 2021/11/17 7:15 p.m. · 0 views

UBUNTU-CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result...

8.2 CVSS · 6.7 AI score · 0.01257 EPSS
Exploits 0 · References 6

CVE
added 2021/11/17 5:45 p.m. · 53 views

CVE-2021-42360

The CVE-2021-42360 issue affects WordPress Starter Templates (Brainstorm Force) plugin

7.6 CVSS · 5.6 AI score · 0.00585 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2021/11/17 12:0 a.m. · 4 views

WordPress Security Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Elementor plugin that stems from a lack of data validation...

7.6 CVSS · 6 AI score · 0.00585 EPSS
Exploits 1 · References 3

CNNVD
added 2021/11/17 12:0 a.m. · 17 views

CKEditor Cross-Site Scripting Vulnerability

CKEditor is a set of open source, web-based text editors. A cross-site scripting vulnerability exists in CKEditor, which allows attackers to bypass content cleanup to inject misformatted HTML, which could lead to the execution of JavaScript code. No detailed vulnerability details are currently...

8.2 CVSS · 8.2 AI score · 0.01257 EPSS
Exploits 0 · References 9

Positive Technologies
added 2021/11/17 12:0 a.m. · 4 views

PT-2021-6875 · Unknown +1 · Ckeditor 4 +1

Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.17.0
Description: The issue is related to the Advanced Content Filter (ACF) module in CKEditor 4, which fails to properly protect the structure of web pages. This allows a remote attacker to bypass existing access...

8.2 CVSS · 6.6 AI score · 0.01257 EPSS
Exploits 0 · References 25

CVE
added 2021/11/17 12:0 a.m. · 477 views

CVE-2021-41164

CKEditor4 contains an Advanced Content Filter (ACF) vulnerability (CVE-2021-41164) that allows injection of malformed HTML bypassing sanitization, enabling JavaScript execution. Affected: CKEditor4

8.2 CVSS · 6.2 AI score · 0.01257 EPSS
Exploits 0 · References 8 · Affected Software 1

RubySec
added 2021/11/17 12:0 a.m. · 4 views

Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

Affected packages: The vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter (ACF) core module. The vulnerability allowed to inject malforme...

8.2 CVSS · 6.9 AI score · 0.01257 EPSS
Exploits 0 · References 1 · Affected Software 1

RubySec
added 2021/11/17 12:0 a.m. · 5 views

HTML comments vulnerability allowing to execute JavaScript code

Affected packages: The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed comments HTML...

8.2 CVSS · 6.9 AI score · 0.0147 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2021/11/16 12:0 a.m. · 6 views

Darwin Factor Cross-Site Scripting Vulnerability

Darwin Factor is a free and open source next-generation TypeScript framework from Darwin, Inc. It is used to create blogs, login pages and JamStack applications. Darwin Factor suffers from a cross-site scripting vulnerability that stems from vulnerability to cross-site scripting XSS attacks store...

6.1 CVSS · 5.4 AI score · 0.00691 EPSS
Exploits 0 · References 3

Positive Technologies
added 2021/11/12 12:0 a.m. · 4 views

PT-2021-5364 · Unknown +4 · Gnu Mailman +4

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36
Description: The issue is related to a crafted URL to the "Cgi/options.py" user options page, which can execute arbitrary JavaScript for XSS. This is due to inadequate protection of the web page structure....

8.8 CVSS · 6.8 AI score · 0.01289 EPSS
Exploits 0 · References 46

Vulnrichment
added 2021/11/10 11:10 a.m. · 5 views

CVE-2021-25974 Publify - Stored Cross-Site Scripting (XSS) in Editor

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4 CVSS · 7 AI score · 0.00578 EPSS
Exploits 0 · References 2

GitHub Security Blog
added 2021/11/08 6:13 p.m. · 99 views

XSS vulnerability allowing arbitrary JavaScript execution

Today we are releasing Grafana 8.2.3. This patch release includes an important security fix for an issue that affects all Grafana versions from 8.0.0-beta1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise customers we...

6.9 CVSS · 0.2 AI score · 0.84607 EPSS
Exploits 0 · References 7 · Affected Software 1

OSV
added 2021/11/08 5:15 p.m. · 2 views

CVE-2021-29735

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4 CVSS · 5.4 AI score · 0.00476 EPSS
Exploits 0 · References 2

CNNVD
added 2021/11/08 12:0 a.m. · 3 views

WordPress SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Unlimited PopUps plugin in version 4.5.3 and earlier suffers from a SQL injection vulnerability that...

8.8 CVSS · 6.4 AI score · 0.01517 EPSS
Exploits 2 · References 3

Huntr
added 2021/11/05 4:49 a.m. · 20 views

Cross-site Scripting (XSS) - Generic in snipe/snipe-it

Description XSS in bulk audit function via the asset tag parameter Proof of Concept 1: Go to http:///hardware/bulkaudit feature 2: Use alertdocument.domain as "Asset Tag" parameter 3: Click "Audit", the XSS should be triggered via the message Asset Tag ASSETTAG not found. Impact This vulnerabilit...

3.5 CVSS · 0.3 AI score · 0.00521 EPSS
Exploits 1