15 matches found
CVE-2026-0813
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-0813
The CVE-2026-0813 entry concerns the WordPress Short Link plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in all versions up to and including 1.0 due to insufficient input sanitization and output escaping of the short_link_post_title and short_link_page_title parameters. This all...
CVE-2026-0813 Short Link <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
EUVD-2026-2523
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-0813 Short Link <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
EUVD-2023-50880
Malicious code in bioql PyPI...
CVE-2024-50826
A SQL Injection vulnerability was found in /admin/addcontent.php in kashipara E-learning Management System Project 1.0 via the title and content parameters...
CVE-2023-46693
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
CVE-2023-46693
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
CVE-2023-46693
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
CVE-2019-8421
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter...
CVE-2016-9891
Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...
CVE-2012-1639
Multiple cross-site scripting XSS vulnerabilities in product/commerceproduct.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the 1 sku or 2 title parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the 1 user, 2 story, or 3 title parameters...
CVE-2003-1556
Cross-site scripting XSS vulnerability in ccguestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the 1 name and 2 homepagetitle webpage title parameters...