14 matches found
CVE-2026-12536
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Module Title’ parameter in all versions up to, and including, 3.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-12536 Avada Builder <= 3.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Module Title
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Module Title’ parameter in all versions up to, and including, 3.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-12536
CVE-2026-12536 : A Stored Cross-Site Scripting flaw in the Avada (Fusion) Builder plugin for WordPress affects all versions up to 3.15.5. It arises from insufficient input sanitization and output escaping in the Module Title parameter. An authenticated attacker with Contributor-level access or hi...
Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS via Module Title (CVE-2026-24838)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Module Title. An attacker can execute arbitrary scripts in the context of affected users by...
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...
GHSA-W9PF-H6M6-V89H DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...
CVE-2026-24838
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
CVE-2026-24838
CVE-2026-24838 affects DotNetNuke (DNN) where the module title’s richtext can execute scripts, enabling a stored XSS condition. Affected versions are prior to 9.13.10 and 10.2.0; versions 9.13.10 and 10.2.0 contain a fix. The issue is triggered via the module title field and could execute in cert...
DNN 跨站脚本漏洞
DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in DNN versions prior to...
CVE-2006-6832
Cross-site scripting XSS vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title...