PT-2024-26568 · WordPress · Custom Field Suite

Name of the Vulnerable Software and Affected Versions: Custom Field Suite plugin for WordPress versions up to, and including, 2.6.7 Description: The issue allows authenticated attackers with contributor-level access and above to perform SQL Injection via the Term custom field. This is due to...

CVE-2019-17226

CMS Made Simple CMSMS 2.2.11 allows XSS via the Site Admin Module Manager Search Term field...

CVE-2019-17226

CMS Made Simple CMSMS 2.2.11 allows XSS via the Site Admin Module Manager Search Term field...

Cross site scripting

CMS Made Simple CMSMS 2.2.11 allows XSS via the Site Admin Module Manager Search Term field...

DLGuard Cross-Site Scripting Vulnerability

DLGuard is a complete sales and customer management system used to protect and streamline online business. A cross-site scripting vulnerability exists in DLGuard. A remote attacker can leverage the 'page', 'c' or 'redirect' parameters in the index.php script or the main page's 'search' field...

CVE-2009-0540

Libero CVE-2009-0540 is an XSS vulnerability in Libero 5.3 SP5 (and possibly versions before 5.5 SP1) that allows remote attackers to inject arbitrary web script via the search term field. The issue arises from insufficient input filtering/sanitisation of HTML tags in the web app, and is categori...