3230 matches found
CVE-2024-24134
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section...
CVE-2024-5459
The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...
CVE-2024-33423
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CVE-2024-35423
vmir e8117 was discovered to contain a heap buffer overflow via the wasmparsesectionfunctions function at /src/vmirwasmparser.c...
CVE-2023-28473
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 are vulnerable to possible Auth bypass in the jobs section...
CVE-2023-26157
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section-numpages in decoder2007.c...
CVE-2023-48830
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export...
CVE-2023-30130
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter...
CVE-2023-27566
Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file...
CVE-2022-36713
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php...
CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...
WordPress plugin Section Widget cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideolinkAddress" parameter...
CVE-2022-36714
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php...
CVE-2022-45013
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...
CVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
CVE-2021-3991
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions...
CVE-2025-48369 GroupOffice vulnerable to Stored XSS in Tasks Comment Section
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...
CVE-2020-19290
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section...
CVE-2020-20977
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...