CVE-2025-64030

Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

CVE-2025-64030

Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

CVE-2025-64030

Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

PT-2025-48448

Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

CVE-2025-64030

Eximbills Enterprise 4.1.5 (built 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript exec...

EUVD-2023-33611

Malicious code in bioql PyPI...

CVE-2023-2085

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a...

CVE-2023-2086

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...

CVE-2023-1910

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

Design/Logic Flaw

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

CVE-2023-2086 Essential Blocks <= 4.0.6 - Missing Authorization via template_count

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...

USN-2249-1 heat vulnerability

Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time...

USN-2249-1: OpenStack Heat vulnerability

Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time...