26 matches found
PT-2024-37912 · WordPress · Wp Last Modified Info
Name of the Vulnerable Software and Affected Versions: WP Last Modified Info plugin for WordPress versions up to, and including, 1.9.0 Description: The issue is related to Stored Cross-Site Scripting via the template attribute of the lmt-post-modified-info shortcode. This is due to insufficient...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths...
PT-2022-21791 · WordPress · Ultimate Member
Name of the Vulnerable Software and Affected Versions: The Ultimate Member plugin for WordPress versions up to, and including 2.5.0 Description: The issue is related to directory traversal due to insufficient input validation on the template attribute used in shortcodes. This allows attackers wit...
GHSA-9V3M-8FP8-MJ99 Bootstrap Vulnerable to Cross-Site Scripting
Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting XSS. The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. Recommendation For bootstrap 4.x upgrade to...