10 matches found
CVE-2025-14069
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2025-14069
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2025-14069 Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2025-14069
This CVE (CVE-2025-14069) affects Schema & Structured Data for WP & AMP (WordPress) up to version 1.54, via Stored Cross-Site Scripting in the saswp_custom_schema_field. Affected actor must have Contributor+ rights; exploitation would run scripts on pages when viewed by users. The Wordfence entry...
CVE-2025-14069 Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...
Shopware 安全漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware that stems from insufficient cleanup of the cdatabaseschema field in the installation interface, which could lead to stored cross-site scripting...
CVE-2025-51541
A stored cross-site scripting XSS vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...
CVE-2021-43943
Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The...
Atlassian Jira 跨站脚本漏洞
Atlassian Jira is a defect tracking management system from Atlassian Australia. A cross-site scripting vulnerability exists in Atlassian Jira Service Management Server and Data Center versions prior to 4.21.0, which originates in /secure/admin/ The "Object Schema" field of...