2 matches found
CVE-2026-5247
The CVE concerns the WordPress plugin Schedule Post Changes With PublishPress Future (WordPress). All versions up to 4.10.0 are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the [futureaction] shortcode’s wrapper attribute. The root cause is insufficient input sanitization: esc...
PT-2017-15203 · Cs Cart · Cs-Cart Japanese Edition +1
Name of the Vulnerable Software and Affected Versions: CS-Cart Japanese Edition versions 4.3.10 and earlier excluding v2 and v3 CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier excluding v2 and v3 Description: A cross-site request forgery CSRF issue allows remote attackers to hija...