CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

CVE-2024-1074 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2021-40542

Opensis-Classic Version 8.0 is affected by cross-site scripting XSS. An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...

Open Solutions For Education OpenSis-Classic 跨站脚本漏洞

openSIS is a free and open source student information system/school management software. openSIS version 8.0 contains a cross-site scripting vulnerability. An attacker can exploit the vulnerability to inject and execute JavaScript code via the linkurl parameter in Ajaxurlencode.php...

CVE-2015-9540

Chamilo LMS through 1.9.10.2 allows a linkgoto.php?linkurl= open redirect, a related issue to CVE-2015-5503...

PHP-Fusion 6.01.14 - Blind SQL Injection

PHP-Fusion 6.01.14 - Blind SQL Injection !/usr/bin/python """ ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / /...