3249 matches found
CVE-2024-11184
The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...
CVE-2024-11184 WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG
The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...
CVE-2024-11184
The CVE-2024-11184 issue affects the wp-enable-svg WordPress plugin, specifically versions 0.7 and earlier, where uploaded SVG files are not sanitized. The underlying vulnerability enables stored XSS, with exploitation possible by users with author-level access or higher, potentially delivering m...
WordPress plugin WP Enabled SVG Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-12814
CVE-2024-12814 affects the WordPress plugin Loan Comparison (shortcode loancomparison) up to version 2.0, enabling Stored XSS by authenticated attackers (Contributor+) via user-supplied shortcode attributes. Exploitation could inject scripts on pages viewed by other users. Remediation: update to L...
CVE-2024-56313
REDCap
CVE-2021-40959
A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall AIWAF = 4.1.6 and =5.0 was identified on the subpage /processmanagement/processstatus.xhr.php. This vulnerability allows an attacker to inject malicious scripts that execute in the context of...
PT-2024-36499 · Portabilis · Portabilis I-Educar
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9 Description: A reflected Cross-Site Scripting issue exists in the standard documentation upload functionality, allowing an attacker to craft malicious URLs with arbitrary javascript in the titulo documento...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-01832)
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect that can be exploited by an attacker to inject malicious scripts into vulnerable form fields...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-01834)
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect that can be exploited by an attacker to inject malicious scripts into vulnerable form fields...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-01835)
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect that can be exploited by an attacker to inject malicious scripts into vulnerable form fields...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-01837)
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect that can be exploited by an attacker to inject malicious scripts into vulnerable form fields...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-01838)
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect that can be exploited by an attacker to inject malicious scripts into vulnerable form fields...
CVE-2024-52992
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-52993
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-52861
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-52862
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...