Lucene search

6 matches found

Positive Technologies
added 2026/06/15 12:0 a.m. | 12 views

PT-2026-49564

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.0. Description: Attacker-controlled input included in multipart/payload headers can be used to modify a request to inject additional headers or change the request contents. This occurs when an application passes...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00301
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/22 9:3 p.m. | 3 views

CVE-2021-24373

The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00827
Exploits: 2 | References: 1

OSV
added 2023/06/09 7:32 p.m. | 17 views

GHSA-RV3X-XQ3R-8J9H LeafKit allows XSS with untrusted user input

Impact: This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf pag...

CVSS: 7.4 | AI score: 6.4 | EPSS: 0.0071
Exploits: 0 | References: 4

OSV
added 2023/05/08 2:15 p.m. | 3 views

CVE-2023-0421

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.0051
Exploits: 2 | References: 1

Joomla! Vulnerable Extensions List
added 2015/11/26 12:0 a.m. | 104 views

[20151203] - Core - Directory Traversal

Failure to properly sanitise input data from the XML install file located within an extension's package archive allows for directory traversal...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.02641
Exploits: 0 | Affected Software: 1

OpenVAS
added 2009/03/20 12:0 a.m. | 22 views

BitDefender Internet Security 2009 XSS Vulnerability

This host is installed with BitDefender Internet Security and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodbitdefenderxssvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ BitDefender Internet Security 2009 XSS Vulnerability Authors: Sharath S Copyright: Copyrig...

CVSS: 4.3 | AI score: 6 | EPSS: 0.29955
Exploits: 0 | References: 3