42 matches found
PT-2024-39167 · WordPress · Backuply
Name of the Vulnerable Software and Affected Versions: Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to SQL Injection via the options parameter passed to the backuply wp clone sql function due to...
node-openssl Security Vulnerabilities
node-openssl is the openssl package for nodejs. A security vulnerability exists in node-openssl version 2.0.0 and earlier, which stems from a security flaw in the opts parameter...
CVE-2020-7746
A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution...
PT-2022-14221
Name of the Vulnerable Software and Affected Versions Google Tag Manager for WordPress GTM4WP versions up to and including 1.15.1 Description The issue is related to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the...
Prototype pollution in chart.js
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...
GHSA-6XV6-JPVW-CX6Q Command injection in bestzip
The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param...
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting XSS in admin.php through the options parameter...
CVE-2021-28006
CVE-2021-28006 affects Web Based Quiz System 1.0 with a reflected/stored XSS vulnerability in the admin.php endpoint via the options parameter. The Red Hat, CNVD, NVD, and CVE records in the connected documents corroborate a cross-site scripting flaw in this component, enabling attacker-injected ...
CVE-2020-35933
A Reflected Authenticated Cross-Site Scripting XSS vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...
CVE-2020-7746
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...
Code injection
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...
PT-2020-6799 · Chart.Js · Chartjs
Name of the Vulnerable Software and Affected Versions: chart.js versions prior to 2.9.4 Description: The issue is related to the options parameter not being properly sanitized when processed. This leads to a prototype pollution when the existing options or default options are deeply merged with...
Command Injection
Overview bestzip is an Uses OS zip command if avaliable for better performance and speed or node.js version if there is no system command avaliable. Can be called via node or command line. Affected versions of this package are vulnerable to Command Injection via the options param. Remediation...
Remote Code Execution (RCE)
install-package is vulnerable to remote code execution RCE. The attack is possible due to lack of sanitization of options parameter, allowing an attack to take the control of it and execute malicious code...
Effect Command Injection Vulnerability
effect is a node program package that allows you to add effects to your images. A command injection vulnerability exists in effect 1.0.4 and earlier. The vulnerability can be exploited to execute arbitrary commands via the options parameter...
MailEnable Cross-Site Scripting Vulnerability
MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A cross-site scripting vulnerability exists in the mail settings in MailEnable versions prior to 8.60. The vulnerability can be exploited by an attacker to read local files or scan the internal network by sending the...
Cross site scripting
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "optionssysname" parameter...
CVE-2018-5668
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnuusernamevalidationtitle parameter...
Unsafe Deserialization
redis-store is vulnerable to unsafe deserialization. The marshalling ability of redis-store allows attackers to load unsafe objects from redis. In order to be vulnerable to this, the options:marshalling needs to be used...
Debian Security Advisory DSA 1816-1 (apache2)
The remote host is missing an update to apache2 announced via advisory DSA 1816-1. OpenVAS Vulnerability Test $Id: deb18161.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1816-1 apache2 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...