5 matches found
PT-2026-1619
Name of the Vulnerable Software and Affected Versions AH Shortcodes plugin for WordPress versions prior to 1.0.3 Description The AH Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'column' shortcode attribute. Insufficient input sanitization and output...
PT-2024-33468 · Unknown · Woostagram Connect
Name of the Vulnerable Software and Affected Versions: Woostagram Connect versions 1.0.0 through 1.0.2 Description: The issue allows unrestricted upload of dangerous file types, which can lead to web server compromise by uploading a web shell. This can be exploited by uploading malicious files to...
PT-2020-19675 · Unknown · Eivindfjeldstad-Dot
Name of the Vulnerable Software and Affected Versions: eivindfjeldstad-dot versions prior to 1.0.3 Description: The issue concerns a Prototype Pollution problem. The set function can be tricked into adding or modifying properties of Object.prototype using a proto payload. This allows for potentia...
PT-2016-3817
Name of the Vulnerable Software and Affected Versions rails-html-sanitizer gem versions prior to 1.0.3 Ruby on Rails versions 4.2.x and 5.x Description A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node. This is due to a...
PT-2016-3815
Name of the Vulnerable Software and Affected Versions rails-html-sanitizer gem versions prior to 1.0.3 Ruby on Rails versions 4.2.x and 5.x Description The issue allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes, which can lead to cross-site scripting XSS...