15 matches found
EUVD-2021-11807
Malware in sbrugna...
EUVD-2022-24713
Malicious code in bioql PyPI...
CVE-2021-24895
The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2019-11229
models/repomirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution...
CVE-2022-1396 Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed...
WordPress Cybersoldier Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in WordPress Cybersoldier, which stems from not cleaning and escaping URL settings before exporting them to properties, and can be exploited by a highl...
CVE-2021-24895
The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24895
The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24895 Cybersoldier < 1.7.0 - Admin+ Stored Cross-Site Scripting
The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in WordPress Cybersoldier, which stems from not cleaning and escaping URL settings before exporting them to properties, and can be exploited by a highl...
GHSA-HPMR-PRR2-CQC4 Gitea Remote Code Execution
models/repomirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution...
Gitea Remote Code Execution
models/repomirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution...
Remote code execution
models/repomirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution...
CVE-2019-11229
models/repomirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution...