7 matches found
CVE-2025-3643
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk...
PT-2025-7781 · Tex Live +1
Name of the Vulnerable Software and Affected Versions: TeX Live (affected versions not specified). Description: The issue is related to insufficient sanitizing in the TeX notation filter, which poses an arbitrary file read risk on sites where pdfTeX is available. This typically affects systems with...
PT-2023-17053 · WordPress · Site Reviews
Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 6.7.1. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in ...
WP Last Modified Info < 1.6.6 - Authenticated Stored XSS
When saving a new campaign, a user with administrator capabilities can store scripts in the plugin's options. The code can then be executed on every page or post on the website. An administrator can store scripts in the "Custom Message to Display on Posts" text input field. Reason for this was...
MGASA-2018-0456 Updated hylafax+ packages fix security vulnerability
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message (CVE-2018-17141)...
DSA-689-1 libapache-mod-python - missing input sanitising
Bulletin has no description...
[SECURITY] [DSA 247-1] New courier packages fix SQL injection
Debian Security Advisory DSA 247-1 · [email protected] · http://www.debian.org/security/ · Martin Schulze · January 30th, 2003 · http://www.debian.org/security/faq ...