10 matches found
CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category
A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...
CVE-2026-3321
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
CVE-2026-3321 Authorization Bypass in ON24 Q&A chat
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
CVE-2024-5582
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...
PT-2024-36589 · WordPress · Schema & Structured Data For Wp & Amp
Name of the Vulnerable Software and Affected Versions: Schema & Structured Data for WP & AMP plugin for WordPress versions up to, and including, 1.33 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the url attribute...
Malicious code in file-q-and-a (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2368 Malicious code in file-q-and-a (npm)
--- -= Per source details. Do not edit below this line.=-...
WordPress Q and A Plugin - Full Path Disclosure
This plugin is prone to a multiple scripts direct request path disclosure vulnerability. Solution Update the plugin...
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities
WordPress Plugin Q and A Focus Plus FAQ 1.3.9.7 - Multiple Vulnerabilities Exploit Title: WordPress Q and A Focus Plus FAQ Full Path Disclosure and SQL Injection Google Dork: inurl:"wp-content/plugins/q-and-a" Date: 12-05-2016 Software Link: https://wordpress.org/plugins/q-and-a-focus-plus-faq/...
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities
Exploit Title: WordPress Q and A Focus Plus FAQ Full Path Disclosure and SQL Injection Google Dork: inurl:"wp-content/plugins/q-and-a" Date: 12-05-2016 Software Link: https://wordpress.org/plugins/q-and-a-focus-plus-faq/ Version: 1.3.9.7 and prior Exploit Author: Gwendal Le Coguic Website:...