20 matches found
CVE-2020-37235
CVE-2020-37235 concerns WordPress Theme Wibar 1.1.8, where a stored XSS flaw exists in the Brand component. The vulnerability allows authenticated users with editor/administrator/contributor/author roles to inject base64-encoded script payloads via the ftc_brand_url input field, resulting in arbi...
EUVD-2020-31237
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...
CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...
WordPress plugin theme Wibar Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2026-28383
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check (FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) that does not block...
GHSA-VWGF-7F9H-H499 Cross site scripting in zenml
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
Cross site scripting in zenml
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2171
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2171
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
ZenML Cross-Site Scripting Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A cross-site scripting vulnerability exists in ZenML version 0.55.3, which stems from a stored cross-site scripting (XSS) vulnerability in the logo_url field that allows an attacker...
PT-2024-19019 · Zenml · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml versions 0.55.3 through 0.55.3. Description: A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the logo url field. By injecting malicious payloads into this fiel...
PT-2023-11367 · WordPress · Coming Soon/Maintenance Mode Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Coming Soon Page & Maintenance Mode plugin versions up to, and including, 1.8.1. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...
WP Customize Login <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin is vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Change Logo URL" and "Change Logo Title" settings...
Cross-Site Scripting (XSS)
archiva-repository-admin-default is vulnerable to cross-site scripting. A remote authenticated attacker who has administrative access to modify the central configurations is able to inject arbitrary JavaScript into a victim's browser via the central configuration entries such as the logo URL...
WordPress Admin Custom Login 2.4.5.2 Cross Site Scripting
Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field. Burak Kelebek, July 2016...
Debian DSA-2975-1 : phpmyadmin - security update
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995: Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. ...
Debian: Security Advisory (DSA-2975-1)
The remote host is missing an update for the Debian...
CVE-2013-4996
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a...
CVE-2013-4996
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a...
CVE-2013-4996
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a...