15 matches found
EUVD-2024-2602
Malicious code in bioql PyPI...
CVE-2025-47549
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through = 4.6.10...
CVE-2025-47549 WordPress BEAF <= 4.6.10 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10...
CVE-2025-47549 WordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through = 4.6.10...
CVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
WordPress Plugin Shariff Wrapper 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Shariff Wrapper Plugin <= 4.6.9 is vulnerable to Cross Site Scripting (XSS)
Software Shariff Wrapper Type Plugin Vulnerable versions = 4.6.9 Fixed in 4.6.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0966 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 32b0d6ace355 Credits Muhammad Daffa Required...
WordPress plugin Shariff Wrapper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
PT-2024-16732 · WordPress · Shariff Wrapper
Name of the Vulnerable Software and Affected Versions: Shariff Wrapper WordPress plugin versions prior to 4.6.10 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example,...
Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the...
PT-2023-30300 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 4.3.13 through 4.3.22 Stormshield Network Security SNS versions 4.6.0 through 4.6.9 Stormshield Network Security SNS versions 4.7.0 through 4.7.1 Description: An issue was discovered in Stormshield...
starter-public-edition-4 安全漏洞
starter-public-edition-4 is a CodeIgniter-based PHP application for beginners by the individual developer Ivan Tcholakov. A security vulnerability exists in starter-public-edition-4 version 4.6.10 and earlier versions. An attacker exploits the vulnerability to perform cross-site scripting attacks...
Zoom Client Path Traversal Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A path traversal vulnerability exists in Zoom Client version 4.6.10. An attacker can exploit this vulnerability to execute arbitrary code with the help of a specially crafted message...