15 matches found
CVE-2025-61872
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...
CVE-2025-61872
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...
PT-2026-34881
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...
CVE-2025-61872
CVE-2025-61872 affects Mahara prior to 25.04.2 and 24.04.11. The issue occurs in the search site feature when using the Elasticsearch7 search plugin, where the Elasticsearch function does not properly sanitize input in the query parameter, potentially allowing a malicious search query to trigger ...
EUVD-2025-209573
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...
EUVD-2024-17413
Malicious code in bioql PyPI...
CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
PT-2024-18214 · WordPress · The Subway – Private Site Option
Name of the Vulnerable Software and Affected Versions: The Subway – Private Site Option plugin for WordPress versions up to, and including, 2.1.4 Description: The issue allows unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content via the...
Exploit for OS Command Injection in Wwbn Avideo
WWBN Avideo Authenticated RCE - OS Command Injection CVE-20...
CVE-2022-43117
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Name, Username, Description and Site Feature parameters...
Cross site scripting
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Name, Username, Description and Site Feature parameters...
Password Storage Application 跨站脚本漏洞
Password Storage Application is a password storage application by the individual developer Carlo Montero. A security vulnerability exists in version 1.0 of Password Storage Application that allows an attacker to implement multiple cross-site scripts via the Name, Username, Description, and Site...
PT-2022-26759 · Unknown · Sourcecodester Password Storage Application
Name of the Vulnerable Software and Affected Versions: Sourcecodester Password Storage Application in PHP/OOP and MySQL version 1.0 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities can be exploited via the Name, Username, Description, and Si...
CVE-2022-43117
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Name, Username, Description and Site Feature parameters...