33 matches found
NetBT Consulting Services E-Fatura Code Issue Vulnerability
NetBT Consulting Services E-Fatura is an enterprise financial software from NetBT Consulting Services, Turkey. A code issue vulnerability exists in NetBT Consulting Services E-Fatura versions prior to 1.2.15, which stems from an un-referenced search path or element that could lead to the...
EUVD-2024-19854
Malicious code in bioql PyPI...
CVE-2024-22293
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
CVE-2024-7850
The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bpsajaxfieldselector, bpsajaxtemplateoptions, and bpsajaxfieldrow functions. This makes it possible for...
WordPress BP Profile Search plugin <= 5.7.5 - Cross-Site Request Forgery to Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin BP Profile Search versions <= 5.7.5...
WordPress BP Profile Search Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: BP Profile Search; Type: Plugin; Vulnerable versions: <= 5.7.5; Fixed in: 5.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-7850; Patch priority: Low; CVSS severity: Low (7.1); PSID: c231ea7c4aad; Credits: vgo0; Required...
WordPress plugin BP Profile Search Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-22293
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
CVE-2024-22293 WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
CVE-2024-22293
The CVE-2024-22293 entry concerns the WordPress BP Profile Search plugin (versions n/a through 5.5). Affected component: BP Profile Search input handling leads to Reflected XSS (Cross-site Scripting). Root cause: improper neutralization of input during web page generation. Impact per sources: att...
WordPress plugin BP Profile Search Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-19314 · Andrea Tarantini · Bp Profile Search
Name of the Vulnerable Software and Affected Versions: Andrea Tarantini BP Profile Search versions n/a through 5.5. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)
Software: BP Profile Search; Type: Plugin; Vulnerable versions: <= 5.5; Fixed in: 5.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22293; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 5fc1725a4a59; Credits: Le Ngoc Anh; Required privilege...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the FirstName field in the profile search functionality. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted input. Details: Cross-site scripting or XSS is a code...
Liferay Portal Vulnerable to XSS in Profile Search Functionality
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field...
GHSA-HQ29-VQG6-PJPW Liferay Portal Vulnerable to XSS in Profile Search Functionality
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field...
WordPress LearnDash LMS Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. LearnDash LMS is a learning management system building plugin used in it. A cross-site scripting vulnerability exists i...
CVE-2020-7108
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field...
CVE-2020-7108
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field...