11 matches found
GHSA-9WFJ-C55W-J9QR Kirby has XML injection in its XML creator toolkit
TL;DR: This vulnerability only affects Kirby sites that use the Xml data handler (e.g. Data::encode($string, 'xml')) or the Xml::create, Xml::tag or Xml::value methods in site or plugin code. The Kirby core does not use any of the affected methods. If consumers use an affected method and cannot rule o...
EUVD-2012-6313
Malware in sbrugna...
PT-2024-23162 · Ict · Ict
Name of the Vulnerable Software and Affected Versions: ICT (affected versions not specified). Description: Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default I...
CVE-2023-6065
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...
WordPress Simple:Press plugin suffers from a reflected cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A reflective cross-site...
CVE-2020-19118
Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the sitecode parameter in admin/index/init.html...
Arbitrary File Download Vulnerability in OpenSNS Backend
OpenSNS is a comprehensive social software developed by Thinking Sky. OpenSNS has an arbitrary file download vulnerability in the background, which can be exploited by an attacker to compress and download the code of the entire site...
CVE-2019-9570
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/systemmanage/save.html URI, related to the sitecode parameter...
Debian DSA-153-1 : mantis - cross site code execution and privilege escalation
Joao Gouveia discovered an uninitialized variable which was insecurely used with file inclusions in the mantis package, a PHP-based bug tracking system. The Debian Security Team found even more similar problems. When these occasions are exploited, a remote user is able to execute arbitrary code...
[SECURITY] [DSA 153-1] New mantis package fixes cross site code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 153-1 [email protected] http://www.debian.org/security/ Martin Schulze August 14th, 2002 http://www.debian.org/security/faq -...