18 matches found
CVE-2023-45747
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Syed Balkhi WP Lightbox 2 plugin = 3.0.6.5 versions...
EUVD-2025-19514
Malicious code in bioql PyPI...
EUVD-2023-50036
Malicious code in bioql PyPI...
CVE-2025-3745
The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...
CVE-2025-3745
The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...
CVE-2025-3745
CVE-2025-3745 affects the WordPress plugin WP Lightbox 2, versions prior to 3.0.6.8. Root cause: the title attribute of links is not properly sanitized before use, enabling unauthenticated stored XSS. Impact is as described in public sources; remediation: upgrade to 3.0.6.8 or later (no exploit d...
CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS
The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...
CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS
The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...
PT-2025-27410 · WordPress · Wp Lightbox 2
Name of the Vulnerable Software and Affected Versions: WP Lightbox 2 versions prior to 3.0.6.8 Description: The issue concerns the incorrect sanitization of the title attribute in links, potentially allowing malicious users to conduct cross-site scripting XSS attacks. Recommendations: For version...
CVE-2024-6263
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
WordPress WP Lightbox 2 Plugin <= 3.0.6.6 is vulnerable to Cross Site Scripting (XSS)
Software WP Lightbox 2 Type Plugin Vulnerable versions = 3.0.6.6 Fixed in 3.0.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6263 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8a2088ef7bb8 Credits Webbernaut Required...
CVE-2023-45747
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Syed Balkhi WP Lightbox 2 plugin = 3.0.6.5 versions...
CVE-2023-45747 WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Syed Balkhi WP Lightbox 2 plugin = 3.0.6.5 versions...
PT-2023-29663 · WordPress · Syed Balkhi Wp Lightbox 2
Name of the Vulnerable Software and Affected Versions: Syed Balkhi WP Lightbox 2 plugin versions 3.0.6.5 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by an authenticated administrator. There is no information...
CVE-2008-2490
Cross-site scripting XSS vulnerability in the KJ Image Lightbox 2 aka kjimagelightbox2 extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."...
Cross site scripting
Cross-site scripting XSS vulnerability in the KJ Image Lightbox 2 aka kjimagelightbox2 extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."...
CVE-2008-2490
Cross-site scripting XSS vulnerability in the KJ Image Lightbox 2 aka kjimagelightbox2 extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."...
CVE-2008-2490
The CVE-2008-2490 entry concerns the TYPO3 extension KJ Image Lightbox 2 (kj_imagelightbox2). Affected version: 1.4.2 and earlier. The root cause is a cross-site scripting (XSS) vulnerability in the extension that allows remote attackers to inject arbitrary web script or HTML via unspecified user...