WordPress Page Title, Description & Open Graph Updater plugin <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability

Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Page Title, Description & Open Graph Updater versions = 1.02...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVE-2026-1154

The CVE-2026-1154 entry affects SourceCodester E-Learning System 1.0, specifically the /admin/modules/lesson/index.php file in the Lesson Module Handler. Affected vector: manipulation of the Title/Description argument enables basic cross-site scripting. The vulnerability is described as exploitab...

EUVD-2018-18590

Malware in sbrugna...

CVE-2025-6301

A vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /admin/manage-notices.php of the component Add Notice. The manipulation of the argument Title/Description leads to cross site scriptin...

PHPGurukul Notice Board System 代码注入漏洞

Notice Board System is a bulletin board system. Notice Board System has a cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameters Title/Description in the file /admin/manage-notices.php, which can be...

MonicaHQ 安全漏洞

MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version v4.1.2 that stems from the title and description parameters containing multiple authenticated client-side injections...

VulnCheck KEV: CVE-2021-34641

The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3...

RRJ Nueva Ecija Engineer Online Portal Cross-Site Scripting Vulnerability

RRJ Nueva Ecija Engineer Online Portal is an online portal for engineers from RRJ Nueva Ecija. A cross-site scripting vulnerability exists in RRJ Nueva Ecija Engineer Online Portal version 1.0, which stems from the parameter Quiz Title/Quiz Description in the file addquiz.php that causes cross-si...

WordPress Plugin Image Hover Effects Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2021-24882

The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

CVE-2021-34641

The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ;...

CVE-2018-6844

MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen...