21 matches found
EUVD-2026-21317
The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...
CVE-2018-6550
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php...
EUVD-2021-27006
Malware in sbrugna...
EUVD-2018-18302
Malware in sbrugna...
CVE-2021-3726
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...
PT-2025-12768 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – eCommerce Payments and Subscriptions plugin for WordPress versions up to, and including, 3.3.6.1 Description: The issue allows unauthenticated attackers to extract private post titles of downloads via the edd ajax get...
VulnCheck KEV: CVE-2022-4290
The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctlsanitizetitle' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially...
PT-2023-20911 · Qibosoft · Qibocms
Name of the Vulnerable Software and Affected Versions: Qibosoft QiboCMS version 7 Description: The issue is related to a remote code execution (RCE) vulnerability. It is exploited via the Get Title function at the label set rs.php file. Recommendations: For Qibosoft QiboCMS version 7, consider...
Cross-site Scripting (XSS)
collective.contact.widget is vulnerable to cross-site scripting. The vulnerability exists because the title function of widgets.py does not properly escape the title attribute before being rendered, allowing an attacker to inject and execute malicious javascript...
PYSEC-2022-42988
A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the...
Collective Cross-Site Scripting Vulnerability
Collective is an open source Plone plugin shared code base by Collective. A security vulnerability exists in Collective collective.contact.widget 1.12 and earlier versions, which stems from a title function in its src/collective/contact/widget/widgets.py file that allows attackers to implement...
UBUNTU-CVE-2021-32436
An out-of-bounds read in the function writetitle in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors...
PT-2022-10077 · Abcm2Ps +3 · Abcm2Ps +3
Name of the Vulnerable Software and Affected Versions: abcm2ps version 8.14.11 Description: The issue is related to an out-of-bounds read in the write title function in subs.c, which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. Recommendations: For abcm2ps...
Format string
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...
CVE-2021-3726
This CVE affects Oh My Zsh: the vulnerable component is the title function in lib/termsupport.zsh, which uses print to set the terminal title from a user-supplied string. The root cause is unsafe handling of a user-provided value within this function, potentially enabling a vulnerability through ...
ohmyzsh Operating System Command Injection Vulnerability
ohmyzsh is an open source, community-driven framework for managing your zsh configuration. An operating system command injection vulnerability exists in ohmyzsh, which stems from the "title" function defined in "lib/termsupport.zsh" that uses "print" to set the terminal title to a user-supplied...
PT-2021-21593
Name of the Vulnerable Software and Affected Versions: Oh My Zsh versions prior to the version that includes commit a263cdac Description: The issue arises from the title function defined in lib/termsupport.zsh, which uses print to set the terminal title to a user-supplied string. Although Oh My Zsh...
Monstra CMS Cross-Site Scripting Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in the 'title' function of the plugins/box/pages/pages.plugin.php...
CVE-2018-6550
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php...
Design/Logic Flaw
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php...