192 matches found
Mealie 安全漏洞
Mealie is a self-hosted recipe manager and meal planner developed by Hayden from the United States. Version 3.3.1 of Mealie contains a security vulnerability, which stems from a storage-type HTML injection in the Recipe Notes rendering component, potentially leading to user interface spoofing...
WordPress plugin Name Directory 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress plugin Bold Page Builder 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Orange Confort+ 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
OrcaStatLLM Researcher 跨站脚本漏洞
OrcaStatLLM Researcher is an open-source research paper generator based on large models, developed by AlgoNet Lab. OrcaStatLLM Researcher has a cross-site scripting vulnerability. This vulnerability arises from improper handling of malicious research topic inputs in the log messages of the sessio...
lute 跨站脚本漏洞
Lute is a structured Markdown engine developed by D individual. Versions of Lute 1.7.6 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the Markdown rendering engine’s storage-based cross-site scripting feature, which could allow malicious JavaScript to be...
Millhouse-Project 跨站脚本漏洞
Millhouse-Project is a blog page developed by Thérèse Scott Rossi as an individual project. Version 1.414 of Millhouse-Project has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting feature in the comment submission function, which may allow...
WordPress plugin Robin Image Optimizer 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Karel Electronics ViPort 跨站脚本漏洞
Karel Electronics ViPort is an IP video phone terminal produced by the Turkish company Karel Electronics. Versions of Karel Electronics ViPort from 23012026 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, and...
Apidog Web Platform 跨站脚本漏洞
The Apidog Web Platform is an interface calling tool provided by the Apidog company. Version 2.7.15 of the Apidog Web Platform contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of SVG image uploads during cleanup, and it may lead to storage-based...
Movable Type 跨站脚本漏洞
Movable Type is a content management system developed by Movable Type Inc. Movable Type has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting vulnerability present in exported sites. This vulnerability may allow arbitrary scripts to be executed on the web...
LUNA software 跨站脚本漏洞
LUNA software is a digital audio workstation developed by the British company LUNA. Version 7.5.5.6 of LUNA software contains a cross-site scripting vulnerability. This vulnerability stems from the improper handling of user input in the Edit Batch Name function, which may lead to storage-based...
Craft Commerce 跨站脚本漏洞
Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability arises due to the transport category names and descriptions being...
Craft Commerce 跨站脚本漏洞
Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability stems from the address line 1 field in the inventory location not bei...
Zendesk SweetHawk Survey 跨站脚本漏洞
Zendesk SweetHawk Survey is a satisfaction survey plugin developed by Zendesk, a Japanese company. Version 1.6 of Zendesk SweetHawk Survey contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting issue in the ticket submission feature, whic...
Talishar 跨站脚本漏洞
Talishar is an open-source game client developed by Talishar. Talishar has a cross-site scripting vulnerability, which stems from the lack of cleaning and escaping of the playerID parameter. This vulnerability may lead to storage-based cross-site scripting attacks...
WordPress plugin Stripe Green Downloads 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Dolibarr cross-site scripting vulnerabilities
Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities of user organizations. Version Dolibarr 11.0.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the host, slave, and port parameters in LDAP...
forma.lms cross-site scripting vulnerability
forma.lms is an open-source, web-based online learning platform developed by individual developers. Version 2.3.0.2 of forma.lms contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of inputs for course code, name, description fields, and email parameter...
Sellacious eCommerce cross-site scripting vulnerability
Sellacious eCommerce is an e-commerce platform software developed by the Sellacious company. Version 4.6 of Sellacious eCommerce contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of input fields such as names, companies, and addresses in the Manage Yo...