5 matches found
CVE-2026-8495 Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...
WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion vulnerability
WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin = 4.0.15 - Missing Authorization to Unauthenticated wpwdpluginstyle Rww Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Whydonate versions = 4.0.15...
EUVD-2025-205601
phpMyFAQ has Stored XSS in user list via admin-managed displayname...
PT-2025-7229 · What3Words · What3Words Address Field
Name of the Vulnerable Software and Affected Versions: what3words Address Field versions n/a through 4.0.15 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the what3words Address Field. This means an attacker can perform unauthorized actions on ...
UBUNTU-CVE-2013-2040
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...