333 matches found
WordPress JoomSport <5.2.8 - SQL Injection
WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : league/commonmark vulnerabilities (USN-8194-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8194-1 advisory. It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. A...
USN-8194-1 php-league-commonmark vulnerabilities
It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. An attacker could possibly use this issue to cause cross-site scripting by injecting malicious code into rendered HTML. This issue only affected Ubuntu 22.04 LTS and...
USN-8194-1: league/commonmark vulnerabilities
It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. An attacker could possibly use this issue to cause cross-site scripting by injecting malicious code into rendered HTML. This issue only affected Ubuntu 22.04 LTS and...
CVE-2026-34890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
EUVD-2026-18204
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
CVE-2026-34890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
CVE-2026-34890 WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
CVE-2026-34890 WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
CVE-2026-34890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
CVE-2026-34890
The CVE concerns the WordPress MSTW League Manager plugin (
WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Conor Sullivan in WordPress Plugin MSTW League Manager versions = 2.10...
WordPress Plugin MSTW League Manager 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-29727
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
CVE-2026-25454
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
EUVD-2026-15732
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
CVE-2026-25454
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
CVE-2026-25454
CVE-2026-25454 is a Missing Authorization vulnerability affecting The League WordPress Theme (the-league) up to version 4.4.1. The initial description notes Missing Authorization with an impact described as an access-control misconfiguration, affecting The League from not applicable to <= 4.4....
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...