68 matches found
PT-2024-17350 · WordPress · Ichart
Name of the Vulnerable Software and Affected Versions: iChart – Easy Charts and Graphs plugin for WordPress versions up to, and including, 2.1.0 Description: The issue is related to Stored Cross-Site Scripting via the width parameter due to insufficient input sanitization and output escaping. Thi...
WordPress plugin iChart cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress iChart plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin iChart versions <= 2.1.0...
CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...
PT-2024-8494 · Mozilla · Pdf.Js
Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6 Description: The issue is related to the macro-pdfviewer PDF viewer macro for XWiki, which uses Mozilla pdf.js. The width parameter of the PDF viewer macro is not properly escaped, allowing for cross-si...
PDF Viewer Macro security vulnerability
PDF Viewer Macro is an open source macro for XWiki SAS. It allows viewing PDF files attached to XWiki pages from within the XWiki page. A security vulnerability exists in PDF Viewer Macro prior to version 2.5.6, which stems from the width parameter of the PDF Viewer Macro not being properly...
PT-2024-39641 · WordPress · Embed Pdf Viewer
Name of the Vulnerable Software and Affected Versions: Embed PDF Viewer plugin for WordPress versions up to, and including, 2.4.4 Description: The issue is related to Stored Cross-Site Scripting via the height and width parameters due to insufficient input sanitization and output escaping. This...
PT-2024-38363 · Fastadmin · Fastadmin
Name of the Vulnerable Software and Affected Versions: FastAdmin version 1.5.0.20240328 Description: A vulnerability was found in the Attachment Management Section of the software, affecting the file /admins url.php/general/attachment/edit/ids/4?dialog=1. The issue arises from the manipulation of...
WordPress WP Video Lightbox plugin <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Video Lightbox versions <= 1.9.10...
WordPress plugin WP Video Lightbox security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-30403 · WordPress · Wp Video Lightbox
Name of the Vulnerable Software and Affected Versions: WP Video Lightbox plugin for WordPress versions up to, and including, 1.9.10 Description: The issue is related to Stored Cross-Site Scripting via the width parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2023-7225
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-15236 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.16 Description: The issue is related to Stored Cross-Site Scripting via the width and height parameters due to insufficient input sanitization and output escaping. This allows...
NdkAdvancedCustomizationFields SQL injection vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A security vulnerability exists in NdkAdvancedCustomizationFields version v3.5.0, which stems from a SQL injection vulnerability in the height and width parameters, allowing an unauthenticated attacker to steal database...
CVE-2021-24334
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplashdownloadw and unsplashdownloadh parameter settings /wp-admin/upload.php?page=instant-images, only validating them client side before saving them, leading to a Stored...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. Instant Images - One Click Unsplash Uploads A security...
CVE-2021-27969
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter...