12 matches found
WordPress 4.7.x < 4.7.24 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A SQL injection vulnerability within the Link API. - A Cross-Site Scripting (XSS) vulnerability on the Plugins screen. - An output escaping issue within the_meta. Note that t...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. Remediation: Upgrade wolfssl to version 4.8....
WordPress 4.7.x < 4.7.2 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
PT-2010-1069 · Rpm +2
Name of the Vulnerable Software and Affected Versions: RPM versions prior to 4.9.1.3; RPM versions 4.8.0 and 4.7.x and 4.6.x; RPM versions before 4.4.3. Description: The issue affects the RPM package, potentially leading to breaches of confidentiality, integrity, and availability of protected...
SA-2008-007 - Drupal core - Cross site scripting (register_globals)
When theme .tpl.php files are accessible via the web and the PHP setting register_globals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupal's .htaccess attempts to set register_globals to disabled and also prevents access to...
CVE-2007-5597
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions...
Project and Project issue tracking - Access bypass
The Project and Project issue tracking modules provide a series of permissions to control access to projects and issues: "access projects", "access own projects", "access project issues" and "access own project issues". While these permissions correctly prevent users from viewing the entire proje...
[DRUPAL-SA-2007-018] Drupal 4.7.7 and 5.2 fix multiple cross site scripting vulnerabilities
Drupal security advisory DRUPAL-SA-2007-018. Project: Drupal core. Version: 4.7.x, 5.x. Date: 2007-July-26. Security risk: Moderately critical...
Project and Project issue tracking XSS
Several fields are not passed through check_plain on display. A malicious user could use these fields to insert and execute XSS (Cross Site Scripting). This may lead to administrator access if certain conditions are met. Additionally, certain error messages are generated that include potentially...