
4 matches found

Github Security Blog
added 2026/03/18 4:10 p.m., 2 views

Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas

Summary: The Select schema plugin in @pdfme/schemas constructs HTML from template-defined option values using unsanitized string interpolation and sets it via innerHTML, enabling arbitrary JavaScript execution. Details: In packages/schemas/src/select/index.ts, lines 159-164, the Select schema's ui...

5.9 AI score
Exploits 0, References 2, Affected Software 1
CNNVD
added 2024/08/20 12:0 a.m., 1 views

WordPress plugin BP Profile Search security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1 CVSS, 6.5 AI score, 0.0025 EPSS
Exploits 0, References 5
OSV
added 2019/04/23 4:29 a.m., 0 views

CVE-2019-11469

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Actions" feature...

9.8 CVSS, 7.3 AI score, 0.06451 EPSS
Exploits 2, References 5
seebug.org
added 2014/07/01 12:0 a.m., 23 views

Kubelance SQL Injection (profile.php?id)

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: Kubelance SQL Injection Vendor url: http://www.kubelabs.com Version: 1.7.6 Price: 90$ Published: 2010-06-19 Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and to all ICW members...

7.1 AI score
Exploits 0