CVE-2022-46597
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sysservice parameter in the setupwizardmydlink sub4104B8 function...
PT-2022-27924 · Trendnet · Trendnet Tew755Ap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A command injection issue was found in the setup wizard mydlink function, specifically via the sys service parameter in the sub 4104B8 function. Recommendations: For TRENDnet TEW755AP version...
CVE-2022-4822
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is...
CVE-2022-4822
CVE-2022-4822 affects FlatPress, specifically an issue in the Setup/setup/lib/main.lib.php processing that enables cross-site scripting. The root cause is described as manipulation in the Setup component’s file handling leading to XSS. The attack surface is remote (network) with user interaction ...
CVE-2022-4822 FlatPress Setup main.lib.php cross site scripting
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is...
My age+YubiKeys Password Management Solution
Password managers are in the news, and it's the holidays, so it's as good a time as ever to describe my password and secret management setup. It's very much not for everyone, but it's minimal, simple, and has some interesting security properties: even if my laptop were compromised, it would take an...
FlatPress cross-site scripting vulnerability
FlatPress is a PHP-based blog building system from the FlatPress community that does not require database support. FlatPress is vulnerable to a cross-site scripting vulnerability that stems from some unknown processing issues in the setup/lib/main.lib.php file of the Setup component that can lead to...
PT-2022-28124 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: FlatPress affected versions not specified Description: A problematic issue has been found in FlatPress, affecting some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scriptin...
Cross site scripting
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup...
CVE-2020-36636 OpenMRS Admin UI Module Account Setup AccountPageController.java sendErrorMessage cross site scripting
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup...
CVE-2022-4197
The Slider by 10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-4242
The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-4110
The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-3835
The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Cross site scripting
The Paytium: Mollie payment forms & donations WordPress plugin before 4.3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...
Cross site scripting
The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Cross site scripting
The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-3835 Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS
The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...