14 matches found
EUVD-2026-22845
The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-5694
The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-5694
The CVE concerns the Quick Interest Slider WordPress plugin, affected up to and including version 3.1.5. It is vulnerable to an unauthenticated stored XSS via the loan-amount and loan-period parameters, caused by insufficient input sanitization and output escaping. The vulnerability allows attack...
PT-2026-33012
Name of the Vulnerable Software and Affected Versions: Quick Interest Slider versions prior to 3.1.6. Description: The Quick Interest Slider plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Unauthenticated attackers can...
WordPress plugin Quick Interest Slider security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2020-27285
Malware in sbrugna...
MyBB plugin Active Threads cross-site scripting vulnerability
MyBB (MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, is scalable, and so on. A security vulnerability exists in MyBB plugin Active Threads version 1.3.0, which originates from the date...
sidekiq cross-site scripting vulnerability
sidekiq is an open source application by Mike Perham. It uses threads to handle many jobs in the same process at the same time. A cross-site scripting vulnerability exists in sidekiq versions prior to 7.0.8, which can be exploited to cause XSS on Sidekiq via the GET parameter "period" in...
VestaCP 0.9.8-26 Cross Site Scripting
Document Title: VestaCP v0.9.8-26 - period Cross Site Web Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2239
Release Date: 2020-11-24
Vulnerability Laboratory ID (VL-ID): ...
CVE-2016-10947
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin...
CVE-2018-20824
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter...
Mapbox: Denial of service in account statistics endpoint
Hi Mapbox, I know that your guidelines explicitly say that Denial of Service conditions are not in scope and should not be attempted, but I maintained the testing between adequate parameters so as not to create excessive load on your backend. I also sent an email to [email protected] prior ...
CVE-2012-1063
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do...
CVE-2009-4939
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a loginlookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign actio...