CVE-2024-1074 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2021-40542

Opensis-Classic Version 8.0 is affected by cross-site scripting XSS. An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...

Open Solutions For Education OpenSis-Classic 跨站脚本漏洞

openSIS is a free and open source student information system/school management software. openSIS version 8.0 contains a cross-site scripting vulnerability. An attacker can exploit the vulnerability to inject and execute JavaScript code via the linkurl parameter in Ajaxurlencode.php...

CVE-2015-9540

Chamilo LMS through 1.9.10.2 allows a linkgoto.php?linkurl= open redirect, a related issue to CVE-2015-5503...

PHP-Fusion 6.01.14 - Blind SQL Injection

PHP-Fusion 6.01.14 - Blind SQL Injection !/usr/bin/python """ ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / /...