14 matches found

RedhatCVE
added 2025/08/21 11:31 a.m. · 4 views

CVE-2025-8783

The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 · AI score 6 · EPSS 0.00048
Exploits 0 · References 1

CNNVD
added 2025/08/19 12:0 a.m. · 0 views

WordPress plugin Contact Manager cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 4.4 · AI score 6 · EPSS 0.00048
Exploits 0 · References 5

NVD
added 2025/08/13 1:15 p.m. · 5 views

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVSS 9.8 · EPSS 0.00184
Exploits 0 · References 5

OSV
added 2025/08/13 1:15 p.m. · 2 views

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVSS 9.8 · AI score 5.7 · EPSS 0.00184
Exploits 0 · References 5

NVD
added 2025/04/03 7:15 p.m. · 4 views

CVE-2025-31487

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

CVSS 7.7 · EPSS 0.00286
Exploits 0 · References 4

Cvelist
added 2025/04/03 6:38 p.m. · 10 views

CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

CVSS 7.7 · EPSS 0.00286
Exploits 0 · References 4

Positive Technologies
added 2025/02/27 12:0 a.m. · 3 views

PT-2025-9036 · Infoblox · Infoblox Nios

Name of the Vulnerable Software and Affected Versions: Infoblox NIOS versions prior to 8.6.5. Description: The issue is related to Improper Access Control for Grids, which could potentially allow unauthorized access. Recommendations: For versions prior to 8.6.5, update to version 8.6.5 or later to...

CVSS 9.1 · AI score 6.3 · EPSS 0.00244
Exploits 0 · References 7

Tenable Nessus
added 2024/11/14 12:0 a.m. · 12 views

Security Updates for Azure CycleCloud (November 2024)

The Azure CycleCloud product is missing security updates. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability exists due to a disclosure of the storage credentials. An authenticated, remote attacker can exploit this to bypass authentication and execu...

CVSS 9.9 · AI score 9.7 · EPSS 0.0059
Exploits 0 · References 3

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

Evertz microsystems MViP-II security vulnerability

Evertz microsystems MViP-II is an IP-based multi-image display and monitoring solution from Evertz, USA. A security vulnerability exists in Evertz microsystems MViP-II version 8.6.5 that stems from the presence of a cross-site scripting vulnerability that could allow a remote attacker to execute...

CVSS 6.1 · AI score 6.8 · EPSS 0.01032
Exploits 0 · References 5

wpexploit
added 2024/04/10 12:0 a.m. · 164 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description: The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

AI score 7.2 · EPSS 0.00499
Exploits 2 · References 1

Patchstack
added 2024/03/28 12:0 a.m. · 15 views

WordPress Geo Controller Plugin <= 8.6.4 is vulnerable to Cross Site Scripting (XSS)

Software: Geo Controller; Type: Plugin; Vulnerable versions: <= 8.6.4; Fixed in: 8.6.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30451; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e663f7c5a611; Credits: LVT-tholv2k; Required privilege...

CVSS 6.5 · AI score 6.6 · EPSS 0.00178
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/09/29 12:0 a.m. · 2 views

PT-2023-6145 · Fortinet · Fortiwlm

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWLM versions 8.5.0 through 8.5.4; Fortinet FortiWLM versions 8.6.0 through 8.6.5. Description: The issue exists due to improper neutralization of special elements used in an operating system command, allowing for OS command...

CVSS 9 · AI score 8.9 · EPSS 0.017
Exploits 0 · References 5

Prion
added 2023/02/16 7:15 p.m. · 18 views

Design/Logic Flaw

Insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords...

CVSS 4.3 · AI score 7.3 · EPSS 0.00043
Exploits 0 · References 1 · Affected Software 1

Saint
added 2008/05/15 12:0 a.m. · 24 views

Motorola Timbuktu login request buffer overflow

Added: 05/15/2008 · CVE: CVE-2007-4221 · BID: 25454 · OSVDB: 40124. Background: Motorola Timbuktu is remote control software for Windows and Mac. It runs a service which listens for connections on port 407/TCP or 407/UDP. Problem: A buffer overflow vulnerability when processing login requests allows remot...

CVSS 10 · AI score 7.9 · EPSS 0.17306
Exploits 4