29 matches found
CVE-2024-3582
The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Ampache 安全漏洞
Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in /preferences.php?action=adminupdatepreferences, which can be...
SuiteCRM 代码注入漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM suffers from an HTML injection vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the salesagility/suitecrm tittle, which can be exploited by an attacker to cause HTML...
SUSE CVE-2019-11025
In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string SNMP Options in the View poller cache, leading to XSS...
WordPress plugin Wicked Folders 跨站请求伪造漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin for importing/exporting WordPress data. relevant is a relevant content...
CVE-2022-4125
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...
CVE-2022-1904
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting...
CVE-2022-29947
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...
IBM Guardium Data Encryption 安全漏洞
IBM Guardium Data Encryption GDE is an application from IBM of America, Inc. IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 contain a security vulnerability that stems from the fact that the software saves user information in a CSV form file with a comma as the separator symbol, but it...