12 matches found
WordPress plugin myLinksDump Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2026-33770
Summary: CVE-2026-33770 affects WWBN/AVideo up to version 26.0, where fixCleanTitle() in objects/category.php interpolates user-controlled data directly into a SQL query, enabling SQL injection when creating or renaming categories. The vulnerability stems from building the query with $clean_title...
Canarytokens Cross-Site Scripting Vulnerability
Canarytokens is an open-source web activity tracking system from Thinkst Applied Research. Previous versions of Canarytokens had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the title field in PWA Canarytoken, which could lead to cross-site scripting...
NotesCMS Security Vulnerability
NotesCMS is an open-source, full-featured content management system from Fullstack WebDev. A security vulnerability exists in NotesCMS that stems from improper handling of the /index.php?route=sites page title, which could lead to a stored cross-site scripting attack...
mblog Security Vulnerability
mblog is a blogging system by the individual developer langhsu. A security vulnerability exists in mblog 3.5.0 and earlier versions, which results in cross-site scripting due to improper handling of the content/title parameter in file/post/submit...
jshERP Path Traversal Vulnerability
jshERP (Huaxia ERP) is a homegrown ERP system by the individual developer Ji Sheng Hua in China. A path traversal vulnerability exists in jshERP 3.5 and previous versions; the vulnerability stems from improper handling of the parameter Title in the file SystemConfigController.java, which may lead to pat...
WordPress plugin Borderless – Elementor Addons and Templates Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Book Borrower System Cross-Site Scripting Vulnerability
Book Borrower System is a book borrowing system by the individual developer Remy Andrade. A cross-site scripting vulnerability exists in Book Borrower System version 1.0, which stems from an incorrect manipulation of the Book Title/Book Author parameter that can lead to cross-site scripting...
PT-2023-26807 · Conemu · Conemu
Name of the Vulnerable Software and Affected Versions: ConEmu versions prior to commit 230724 Description: The issue is related to the incorrect sanitization of title responses for control characters, potentially leading to arbitrary code execution. This is connected to an incomplete fix for a...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a free web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki, which stems from a failure of the...
CVE-2018-9956
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
FreeBSD : xloadimage -- buffer overflows in NIFF image title handling (2f0cb4bb-416d-11da-99fe-000854d03344)
Ariel Berkman reports: Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it...