EUVD-2024-32739

Malicious code in bioql PyPI...

CVE-2022-31049

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions...

CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX...

BIT-TYPO3-2020-11066

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...

User Submitted Posts < 20230811 - Unauthenticated Stored XSS

Description The plugin does not sanitize and escape the user-submitted-content parameter, which could allow unauthenticated users to perform Stored XSS attacks...

PT-2023-28687 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20230809 Description: The issue is related to Stored Cross-Site Scripting via the user-submitted-content parameter due to insufficient input sanitization and output...

TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-004)

TYPO3 is prone to a cross-site scripting XSS vulnerability in the Frontend Login Mailer. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2020-11066

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...

CVE-2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...

Cart Engine 3.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a...

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...