7 matches found
EUVD-2023-43103
Malicious code in bioql PyPI...
CVE-2021-36381
In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logonerror= on the login screen of the Web application...
CVE-2021-35451
In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application...
CVE-2019-13188
In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application...
CVE-2024-13727
CVE-2024-13727 concerns the MemberSpace WordPress plugin, affected versions prior to 2.1.14. The issue is a reflected Cross‑Site Scripting (XSS) vulnerability caused by insufficient sanitization/escaping of a parameter before output in the page. The impact, as documented, is a reflected XSS that ...
CVE-2022-4049 WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...