16 matches found
ROS-20260529-73-0021
The vulnerability in opensearch relates to the use of a name with an incorrect link. Exploiting this vulnerability could allow a perpetrator to cause a service failure...
ROS-20260529-73-0002
The vulnerability in opensearch relates to the use of a name with an incorrect link. Exploiting this vulnerability could allow a perpetrator to cause a service failure...
CVE-2026-8842 Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...
WordPress Google+ Link Name plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Google+ Link Name versions <= 1.0...
Astra Linux - vulnerability in grub2
A flaw was discovered in grub2. When reading the name of a symbolic link from a UFS filesystem, grub2 fails to validate the string length provided as input. This lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and potentially allowing an attacker to...
PT-2025-51231
NetSupport Manager 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI...
SUSE CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
PT-2024-32384 · Alist +1
Name of the Vulnerable Software and Affected Versions: AList versions prior to 3.29.0 Description: AList, a file list program supporting multiple storages, contains a reflected cross-site scripting issue in the helper.go file. The endpoint "/i/:link name" takes a user-provided value and reflects ...
CVE-2024-30953
A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
PT-2024-23690 · Htmly
Name of the Vulnerable Software and Affected Versions: Htmly version 2.9.5 Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of the Menu Editor module. Recommendations: For Htm...
HTMLy security vulnerability
HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in HTMLy version v2.9.5, which stems from the presence of a stored cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to execute arbitrary web script or HTML code by injecting a...
Insightly: Stored XSS via LINK Name.
The LINK NAME was not properly escaped at the Templates page, leading to Stored XSS. The name was reflected in the tag, and due to lack of sanitization, the user could break out of the tag and execute the XSS...
Cross site scripting
RSA Archer before 6.9 SP1 P1 6.9.1.1 contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability to execute code in a victim's browser...
AZL-6457 CVE-2020-14309 affecting package grub2 for versions less than 2.06~rc1-7
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacke...
WordPress Plugin Link Library 5.2.1 - SQL Injection
Exploit Title: WordPress Link Library plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0%23 --------------- Vulnerable code --------------- ./link-library-ajax.php: echo $mylinklibraryplugin-LinkLibrary...; ./link-library.php: class linklibraryplugin ... function LinkLibrary... return...