2 matches found
CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...
CVE-2015-10128 rt-prettyphoto Plugin rt-prettyphoto.php royal_prettyphoto_plugin_links cross site scripting
A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royalprettyphotopluginlinks of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgradin...