CVE-2020-37235

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

PYSEC-2024-170

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...