11 matches found
CVE-2025-49076
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a...
CVE-2025-49076
CVE-2025-49076 is a Stored Cross-Site Scripting (XSS) vulnerability affecting The Plus Addons for Elementor Page Builder Lite (WordPress plugin) up to version 6.2.7. The issue arises from improper input neutralization during web page generation. Public sources in the Connected documents confirm t...
CVE-2023-46733 Symfony possible session fixation vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, SessionStrategyListener does not migrate the session after every successful login. It does so only in case the logged in...
Store XSS at Label sets list in (Version 6.2.7)
Description First of all, I apologize for reporting back. I noticed, the latest current version is 6.2.7. XSS vulnerabilities still exist Proof of Concept Detail: 1 .Login and access Label sets list 2 .Create new label set 3 . Insert payload in to Title haido" onclick="alert1 4 .Click save ==...
CVE-2022-31144 affecting package redis 6.2.7-1
CVE-2022-31144 affecting package redis 6.2.7-1. This CVE either no longer is or was never applicable...
redis:6 security, bug fix, and enhancement update
6.2.7-1 - rebase to 6.2.7 1999873...
Redis < 6.2.7 Multiple Vulnerabilities
Redis is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if description...
CVE-2022-24736 A Malformed Lua script can crash Redis
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...
CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...
Apple Safari Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X
Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...