3 matches found
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2021-24896
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
NLnet Labs Unbound 输入验证错误漏洞
Unbound is a DNS resolver that supports validation, recursion, and caching features. An integer overflow vulnerability exists in the size calculation in respip/respip.c in versions of Unbound prior to 1.9.5. No detailed vulnerability details are provided at this time...