37 matches found
CVE-2026-9626
The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...
CVE-2026-9626 JSON API User <= 4.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'content' Parameter
The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...
EUVD-2026-41490
The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...
CVE-2026-9626
The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...
EUVD-2026-28488
A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file postcomment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-8126 SourceCodester Comment System post_comment.php sql injection
A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file postcomment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-8126
A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file postcomment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...
SourceCodester Comment System 注入漏洞
The SourceCodester Comment System is an open-source comment system developed by SourceCodester. Version 1.0 of the SourceCodester Comment System has a vulnerability caused by SQL injection due to the parameter manipulation in the file postcomment.php. This vulnerability could be exploited through...
PT-2026-38642
Name of the Vulnerable Software and Affected Versions SourceCodester Comment System version 1.0 Description An issue exists in the processing of the 'post comment.php' file. Manipulation of the Name argument allows for SQL injection, which can be exploited remotely. Recommendations At the moment,...
EUVD-2008-4701
Malware in sbrugna...
EUVD-2005-2817
Malware in sbrugna...
EUVD-2006-0988
Malware in sbrugna...
CVE-2022-4014
A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this...
CVE-2018-9121
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment...
Malicious code in post-comment (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-2891 Malicious code in post-comment (npm)
--- -= Per source details. Do not edit below this line.=-...
Stored XSS through post comment body
Description The body of the comment is vulnerable to Stored XSS Proof of Concept - Create a post - Comment on it, and insert alertdocument.domain in the body...
CVE-2022-4014
A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this...
Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following in the plugin's settings: test = "alert/XSS/ Tick the "Enable text hover in...
Edit Comments <= 0.3 - Unauthenticated SQL Injection
The plugin does not sanitise, validate or escape the jaleditcomments GET parameter before using it in a SQL statement, leading to a SQL injection issue Post a comment on a page, then open https://example.com//?jaleditcomments=7%20AND%20SELECT%209114%20FROM SELECTSLEEP5wjzD...