7884 matches found

Prion
added 2023/06/27 2:15 p.m. · 13 views

Cross site scripting

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.3 CVSS · 4.8 AI score · 0.00544 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Prion
added 2023/06/27 2:15 p.m. · 16 views

Cross site scripting

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.3 CVSS · 4.7 AI score · 0.00773 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2023/06/27 1:17 p.m. · 21 views

CVE-2023-2711 Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

5 AI score · 0.00501 EPSS
Exploits: 2 · References: 1
Cvelist
added 2023/06/27 1:17 p.m. · 31 views

CVE-2023-2178 Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.9 AI score · 0.00773 EPSS
Exploits: 2 · References: 1
Citrix
added 2023/06/27 12:0 a.m. · 5 views

[NetScaler] Service State doesn't sync to Secondary node in HA setup

When you build a NetScaler HA pair with VPX on the SDX platform, you may observe that the Primary doesn't sync service UP/DOWN events to the Secondary node. The issue can impact SDX platforms: SDX 8900, SDX 15000, SDX 15000-50G, SDX 26000, and SDX 26000-50S...

7.1 AI score
Exploits: 0
WPVulnDB
added 2023/06/26 12:0 a.m. · 15 views

SimpleModal Contact Form (SMCF) <= 1.2.9 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

5.9 CVSS · 5.8 AI score · 0.00366 EPSS
Exploits: 0 · Affected Software: 1
CNNVD
added 2023/06/20 12:0 a.m. · 4 views

Open-Xchange App Suite Security Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-Xchange App Suite that stems from the processing of POP3 function responses withou...

4.3 CVSS · 5.1 AI score · 0.01148 EPSS
Exploits: 0 · References: 7
GithubExploit
added 2023/06/19 4:30 p.m. · 9 views

Exploit for Cross-site Scripting in Ourphp

CVE-2023-30212-POC Creating a Vulnerable Docker Environmen...

6.1 CVSS · 6.5 AI score · 0.08115 EPSS
Exploits: 9
OSV
added 2023/06/19 11:15 a.m. · 3 views

CVE-2023-2401

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.8 CVSS · 6.6 AI score · 0.00442 EPSS
Exploits: 2 · References: 1
Prion
added 2023/06/19 11:15 a.m. · 13 views

Cross site scripting

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.3 CVSS · 4.8 AI score · 0.0047 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2023/06/19 10:52 a.m. · 24 views

CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

5 AI score · 0.00442 EPSS
Exploits: 2 · References: 1
Positive Technologies
added 2023/06/19 12:0 a.m. · 9 views

PT-2023-19360 · WordPress · Qubot

Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisit...

4.8 CVSS · 7.9 AI score · 0.00442 EPSS
Exploits: 2 · References: 6
WPVulnDB
added 2023/06/19 12:0 a.m. · 167 views

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfiltered_html capability is disallowed for example in multisite setup. PoC 1. In the plugin's "Quick Start" field, add...

4.8 CVSS · 4.7 AI score · 0.00423 EPSS
Exploits: 2 · Affected Software: 1
WPVulnDB
added 2023/06/19 12:0 a.m. · 25 views

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup PoC 1. Add a new item in the plugin settings 2...

4.8 CVSS · 5.3 AI score · 0.00543 EPSS
Exploits: 2 · Affected Software: 1
WPVulnDB
added 2023/06/19 12:0 a.m. · 11 views

MojoPlug Slide Panel <= 1.1.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

5.9 CVSS · 8.2 AI score · 0.00418 EPSS
Exploits: 0 · Affected Software: 1
WPVulnDB
added 2023/06/19 12:0 a.m. · 13 views

Smoothscroller <= 1.0.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

5.9 CVSS · 5.7 AI score · 0.00392 EPSS
Exploits: 0 · Affected Software: 1
WPVulnDB
added 2023/06/19 12:0 a.m. · 11 views

URL Shortify < 1.7.0 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup PoC 1. Navigate to "URL Shortify Settings Links"...

4.8 CVSS · 5.4 AI score · 0.00469 EPSS
Exploits: 2 · Affected Software: 1
GithubExploit
added 2023/06/17 6:57 a.m. · 739 views

Exploit for Buffer Underflow in Fortinet Fortiweb

CVE-2023-25610 Insufficient heap memory in the FortiOS manage...

9.8 CVSS · 7.8 AI score · 0.99474 EPSS
Exploits: 11
WPVulnDB
added 2023/06/15 12:0 a.m. · 17 views

Flo Forms <= 1.0.40 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

5.9 CVSS · 5.7 AI score · 0.00369 EPSS
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2023/06/14 12:0 a.m. · 3 views

PT-2023-24794 · Pulse Secure · Pulse Secure Client

Name of the Vulnerable Software and Affected Versions: Pulse Secure Client affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged co...

7.8 CVSS · 8 AI score · 0.00987 EPSS
Exploits: 0 · References: 5