EUVD-2014-7926

Malware in sbrugna...

BIT-JOOMLA-2020-13761

In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS...

PT-2024-38420 · WordPress · The News Flash

Name of the Vulnerable Software and Affected Versions: The News Flash theme for WordPress versions up to, and including, 1.1.0 Description: The issue allows authenticated attackers with Editor-level access and above to inject a PHP Object via deserialization of untrusted input from the newsflash...

Fedora: Security Advisory for newsflash (FEDORA-2021-79ce3cb64a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Joomla! Articles - Newsflash and Articles - Categories Modules Cross-Site Scripting Vulnerabilities

Joomla! is a U.S. Open Source Matters team using PHP and MySQL development of a set of open source, cross-platform content management system CMS.Articles - Newsflash is one of the Flash content extension module.Articles - Categories is one of the article classification module. A cross-site...

Cross site scripting

In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS...

PT-2020-13662 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.19 Description: The issue is related to a lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules, which allows for cross-site scripting XSS...

NewsFlash - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-049

This theme features 7 color styles, 12 collapsible regions, suckerfish menus, fluid or fixed widths, and lots more. The theme doesn't sufficiently sanitize user input. This vulnerability is mitigated by the fact that the theme is only exploitable with non-default settings and under certain site...

CVE-2014-8077

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

Cross site scripting

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

CVE-2014-8077

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

CVE-2014-8077

The CVE-2014-8077 entry concerns the NewsFlash theme for Drupal (versions 6.x-1.x prior to 6.x-1.7 and 7.x-1.x prior to 7.x-2.5). The underlying issue is insufficient sanitization of the font family CSS property in user-provided theme settings, enabling an XSS vector. Impact is limited to remote ...

SA-CONTRIB-2014-027 - NewsFlash Theme - XSS

Newsflash is a theme that features 7 color styles, 12 collapsible regions, suckerfish menus, fluid or fixed widths, built-in IE transparent PNG fix, and lots more. The theme does not sanitize the user provided theme setting for the font family CSS property, thereby exposing a cross-site scripting...

Joomla! Component com_newsflash - 'id' SQL Injection

Joomla newsflash Sql injection Author : EcHoLL www.warezturk.org www.tahribat.com Greetz : Blacklabel TURK Godlike Nitrous ! ModuleName: newsflash ! ScriptName: mambo and joomla ! GoogleDork: inurl:"comnewsflash"...