11 matches found
CVE-2024-38357
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...
GHSA-9HCV-J9PV-QMPH TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Impact: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches: This vulnerability...
WordPress Theme Ask me Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Ask me versions prior to 6.8.4 that stems from a random...
Cross-site Scripting (XSS) - Stored in s-cart/core
Description: Multiple stored XSS vulnerabilities exist in S-Cart version 6.8.4 and below, leading to cookie theft from any victim who visits the affected URL. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Proof of Conce...
Cross site scripting
RainbowFish PacsOne Server 6.8.4 allows XSS...
Improper access control
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control...
CVE-2020-7110
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher...
CVE-2020-7111
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher...
CVE-2017-5539
The patch for directory traversal CVE-2017-5480 in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ../ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether...
CVE-2017-5539
CVE-2017-5539 relates to a bypass of the directory-traversal patch for b2evolution 6.8.4-stable, allowing an attacker to use ../ to bypass filters and read/delete arbitrary server files or check file existence. Affected product: b2evolution (PHP/MySQL blogging software). Root cause: incomplete fi...
[SA18372] WebGUI Form Module Script Insertion Vulnerability
TITLE: WebGUI Form Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA18372 VERIFY ADVISORY: http://secunia.com/advisories/18372/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: WebGUI 6.x http://secunia.com/product/4293/ DESCRIPTION: Hans Wolters has...