29 matches found
CVE-2021-47931
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
CVE-2021-47931
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
Exponent CMS 跨站脚本漏洞
Exponent CMS is a website content management system provided by the Exponent company, offering capabilities for page management and modular content editing. Version 2.6 of Exponent CMS contains a cross-site scripting vulnerability. This vulnerability stems from storage-based cross-site scripting...
EUVD-2025-4361
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview piranha is an a complete rewrite of Piranha CMS for .NET Core. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Text content block of Standard and Standard Archive Pages via the /manager/pages endpoint. An attacker can execute arbitrary JavaScript in...
Piranha CMS 跨站脚本漏洞
Piranha CMS is Piranha CMS open source used as a .Net5 friendly editor centric CMS. A security vulnerability exists in Piranha CMS version 12.0, which stems from an insufficiently filtered input in the Text content block and could lead to a stored cross-site scripting attack...
HortusFox 安全漏洞
HortusFox is a free and open source self-hosted plant manager system from HortusFox, Inc. A security vulnerability exists in HortusFox version v4.4, which stems from insufficient validation of the name parameter input in the TextBlockModule.php component, which could lead to a cross-site scriptin...
CVE-2023-5745
The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2025-26883
Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Text Block: from n/a through = 1.0.7...
CVE-2025-26883
Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Text Block: from n/a through = 1.0.7...
WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin Animated Text Block versions = 1.0.7...
CVE-2025-26883
CVE-2025-26883 documents a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin Animated Text Block (affected: 1.0.7 and earlier). The issue arises from improperly configured access control, enabling an attacker to perform unauthorized actions that current description...
CVE-2025-26883 WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Text Block: from n/a through = 1.0.7...
WordPress plugin Animated Text Block 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-5646
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5646
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Futurio Extra plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Text Block Widget vulnerability discovered by wesley wcraft in WordPress Plugin Futurio Extra versions = 2.0.5...