avo vulnerable to stored cross-site scripting (XSS) in key_value field

Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...

avo vulnerable to stored cross-site scripting (XSS) in key_value field

Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...

CVE-2023-43340

Cross-site scripting XSS vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...

CVE-2021-37819

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java...

CVE-2021-37819

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java...

CVE-2021-37819

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java...

Code injection

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java...

CVE-2021-37819

CVE-2021-37819 affects PDF Labs pdftk-java 3.2.3 due to an infinite loop in PdfReader.java. The issue is a local, input-driven loop that can impact availability (per CVSS: HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The description does not specify a vendor patch or workaround; no remediation det...

CVE-2021-37819

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java...

CVE-2020-20120

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...

CVE-2020-20120

CVE-2020-20120 affects ThinkPHP v3.2.3 and earlier. The vulnerability is a SQL injection that is triggered when an array is not passed to the methods where and query, allowing potentially arbitrary SQL execution. The NVD entry assigns a high base score (7.5 AV:N/AC:L/C:P/I:P/A:P) and a critical 3...

Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration

Impact 1 If an application is making use of the deprecated kit protocol HALs as the communication channel to the target device an attacker can masquerade as a device and return malformed packets of arbitrary length which the protocol stack will write to the stack. HALs intended for production use...

Rencontre <= 3.2.2 - Multiple CSRF

The plugins is affected by multiple CSRF issues, allowing arbitrary changes of the plugin's settings. November 3rd, 2019 - WordPress Plugin Team Notified November 5th, 2019 - WP Plugins Team acknowledgments of the issue. December 2nd, 2019 - v3.2.2 released, none of the CSRF have been fixed as th...

CVE-2018-16205

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal...

CVE-2018-16205

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal...

CVE-2018-0698

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal...

CVE-2018-0698

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

Document Title: =============== Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1820 Release Date: ============= 2016-04-18 Vulnerability Laboratory ID VL-ID: ==================================...