190 matches found
CVE-2026-8853
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
CVE-2026-8853
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
CVE-2026-8853 MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
CVE-2026-8853 MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
EUVD-2026-35995
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
CVE-2026-8853
The CVE-2026-8853 entry concerns the WordPress plugin MW WP Form (versions up to and including 5.1.3) with a Stored Cross-Site Scripting vulnerability via the memo parameter. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with editor-level ...
PT-2026-48393
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
WordPress plugin MW WP Form 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-34860
Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
EUVD-2026-34018
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
PT-2026-45825
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE SCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
Memos 安全漏洞
Memos is an open-source memo center with knowledge management and social features, hosted on a server. Version 0.26.0 of Memos contains a security vulnerability. This vulnerability stems from cross-site scripting vulnerabilities in the SANITIZESCHEMA,Memo Rendering Component, and Public/Private...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-30586
This CVE concerns Cross Site Scripting in the open-source project usememos Memos v0.26.0. The vulnerability affects the memo rendering path and related views (SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View pages). Root cause details are not explicitly provided beyond the ...
Huawei HarmonyOS Memo Module Access Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An access control vulnerability exists in the Huawei HarmonyOS memoization module, which can be exploited by an attacker to cause confidentiality and...
EUVD-2026-21802
Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...