5 matches found
CVE-2026-14345 WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
Cross site scripting
Cross-site scripting XSS vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it mig...
CVE-2008-1470
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting XSS attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118...
CVE-2005-1118
Cross-site scripting XSS vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter...
CVE-2005-1118
CVE-2005-1118 describes a cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll of the RSA Authentication Agent for Web 5.2. The flaw allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. The CVE entry lists the affected product as RSA Authentication A...