4 matches found
CVE-2026-28405
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...
EUVD-2025-37981
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
PT-2024-37324 · WordPress · Donation Block For Paypal
Name of the Vulnerable Software and Affected Versions: The Donation Block For PayPal WordPress plugin versions through 2.1.0 Description: The issue is related to a stored cross-site scripting problem. This occurs because the plugin does not properly sanitise and escape form submissions...
CVE-2024-4857
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...