Linux Distros Unpatched Vulnerability : CVE-2010-3818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote...

CVE-2024-8481

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...

CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...

CVE-2024-8481

CVE-2024-8481 affects the WordPress plugin Special Text Boxes up to 6.2.2 due to the filter add_filter('comment_text','do_shortcode') allowing unauthenticated arbitrary shortcode execution in comments. A patch exists; upgrade to 6.2.4 or later to remediate.

WordPress plugin The Special Text Boxes 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...

WordPress Special Text Boxes plugin <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Special Text Boxes versions = 6.2.4...

WordPress Special Text Boxes Plugin <= 6.2.2 is vulnerable to Bypass Vulnerability

Software Special Text Boxes Type Plugin Vulnerable versions = 6.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Bypass Vulnerability CVE CVE-2024-8481 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID ff741af18511 Credits Francesco Carlucci Required privilege...

PT-2024-39047 · WordPress · Special Text Boxes

Name of the Vulnerable Software and Affected Versions: The Special Text Boxes plugin for WordPress versions up to and including 6.2.2 Description: The issue is related to arbitrary shortcode execution. This is due to the plugin adding the filter add filter'comment text','do shortcode';, which run...

CVE-2023-41810

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773...

PT-2023-28107 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows Javascript code to be executed in some Widgets' text bo...

July 27, 2023, update for Office 2016 (KB5002307)

July 27, 2023, update for Office 2016 KB5002307 This article describes update 5002307 for Microsoft Office 2016 that was released on July 27, 2023.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...

SUSE CVE-2010-3818

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving inline text boxes...

CVE-2021-24485

The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

Cross site scripting

The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

CVE-2021-24485

The CVE-2021-24485 entry covers the WordPress Special Text Boxes plugin. Affected software: WordPress Special Text Boxes plugin versions prior to 5.9.110. Vulnerable component: settings sanitisation/escaping in the plugin, allowing Cross-Site Scripting (XSS) by high-privilege users even when unfi...

WordPress plugin Special Text Boxes 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Special Text Boxes plugin in versions prior to 5.9.109 suffers from a cross-site scripting vulnerabili...

WordPress Special Text Boxes plugin <= 5.9.109 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Special Text Boxes plugin versions = 5.9.109. Solution Update the WordPress Special Text Boxes plugin to the latest available version at least 5.9.110...

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting...

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. PoC Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting...

LimeSurvey 跨站脚本漏洞

LimeSurvey formerly known as PHPSurveyor is an open source online survey program from the Limesurvey team that supports survey program development, survey posting, and data collection. A cross-site scripting vulnerability exists in LimeSurvey 4.2.5 that originates in the text boxes of the...