1410 matches found
Cross-Site Scripting
Overview: Versions of dompurify prior to 2.0.3 are vulnerable to Cross-Site Scripting (XSS). The package has an XSS filter bypass due to Mutation XSS in both Chrome and Safari through a combination of / elements and /. An example payload is: ". This allows attackers to bypass the XSS protection and...
CVE-2019-16728
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...
Cross site scripting
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...
UBUNTU-CVE-2019-16728
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...
CVE-2019-16728
Removed by vendor...
WordPress Rank Math SEO Plugin <= 1.0.27 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rankmath:seo"; ifdescription...
WordPress Rank Math SEO Plugin Code Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Rank Math SEO is a search engine optimization (SEO) plugin used in... A code injection vulnerability exists in the...
CVE-2019-14786
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...
Code injection
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...
CVE-2019-14786
CVE-2019-14786 affects WordPress Rank Math SEO plugin (version 1.0.27). The vulnerability allows any authenticated user (non-admin) to reset plugin settings via wp-admin/admin-post.php?reset-cmb parameter. The issue is documented across multiple sources (NVD, Red Hat, OpenVAS, WPVulnDB) and relat...
PT-2019-13831 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO plugin version 1.0.27 Description: The issue allows non-admin users to reset settings. This is achieved via the wp-admin/admin-post.php endpoint, specifically through the reset-cmb parameter. Recommendations: For Rank Math SEO...
CVE-2019-14697
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code...
CVE-2019-0234
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of...
Cross site scripting
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of...