8 matches found
CVE-2021-39310
The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHPSELF in the /real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...
CVE-2021-39310 Real WYSIWYG <= 0.0.2 Reflected Cross-Site Scripting
The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHPSELF in the /real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...
Cross site scripting
Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3362
Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...
SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)
This module enables you to upload, convert and playback videos. The module doesn't sufficiently sanitize node titles when using the video WYSIWYG plugin, thereby opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with th...
Cross site scripting
Cross-site scripting XSS vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-1232
The CVE-2014-1232 vulnerability affects the Foliopress WYSIWYG WordPress plugin, specifically versions before 2.6.8.5. It is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary script or HTML via unspecified vectors. Multiple sources confirm the issue across NVD and...
CVE-2014-1232
Cross-site scripting XSS vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...