19 matches found
CVE-2025-58017 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.8.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.8.6...
CVE-2020-15952
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based...
CVE-2020-15949
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover...
CVE-2020-15950
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
Ant-Media-Server vulnerable to Improper Output Neutralization for Logs
Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be include...
CVE-2020-15951
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...
Design/Logic Flaw
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
Design/Logic Flaw
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...
CVE-2020-15950
CVE-2020-15950 affects Immuta v2.8.2. The vulnerability is described as improper session management, where user sessions are not revoked upon logout. This indicates a potential persistence of sessions after logout, as stated in the provided descriptions. No explicit exploitation details, affected...
CVE-2020-15950
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
CVE-2020-15949
Technical details (affected versions, root cause, and fixes) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2020-15951
CVE-2020-15951 affects Immuta v2.8.2, where user-supplied project names are not properly sanitized. This allows injection of arbitrary HTML content that can be rendered by the application, enabling attackers to redirect users to phishing sites and attempt credential theft. The available sources c...
CVE-2020-15951
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...
CVE-2020-15952
CVE-2020-15952 affects Immuta v2.8.2. The reports describe a stored XSS that enables a low-privileged user to escalate to administrative permissions, and additional risks where unauthenticated attackers can phish Immuta users to steal credentials or perform actions on behalf of authenticated user...
Design/Logic Flaw
Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...
CVE-2018-5692
Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...
CVE-2018-5692
Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...
CVE-2018-5692
Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...
CVE-2018-5692
Piwigo v2.8.2 is affected by a cross-site scripting (XSS) vulnerability in admin.php. The issue can be triggered by unsafely handling input in the tab, to, section, mode, installstatus, and display parameters, allowing injection of malicious script. This vulnerability is documented across multipl...