6 matches found
CVE-2026-55790
Summary of CVE-2026-55790 (Craft CMS) : This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...
CVE-2026-55790 Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget
Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...
CVE-2025-31092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through = 2.3.4...
CVE-2024-49281
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3...
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
Live Call Support Widget 1.5 - Cross-Site Request Forgery Add Admin Exploit Title: Live Call Support 1.5 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
Mail.ru: IDOR widget.support.my.com
На lootdog.io можно обратиться в службу поддержки. Когда мы создали тикет и хотим его подгрузить, то выполняется запрос...