CVE-2026-7085

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

EUVD-2026-25768

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

EUVD-2017-9152

Malware in sbrugna...

WordPress Z-URL Preview plugin <= 1.6.2 - Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability found by Neorichi in WordPress Z-URL Preview plugin versions = 1.6.2. Vulnerable to Cross-Site Scripting via the class.zlinkpreview.php url parameter. Solution Update the WordPress Z-URL Preview plugin to the latest available version at least 2.0.0...

WordPress Z-URL Preview Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site. z-URL Preview plugin is used in one of the external links to get the plugin . A cross-site scripting vulnerability...

Design/Logic Flaw

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

CVE-2017-18012

The CVE-2017-18012 entry concerns the WordPress plugin Z-URL Preview (versions up to 1.6.1/1.6.2 per sources). The vulnerability is a Cross‑Site Scripting (XSS) attack triggered through the parameter in the file class.zlinkpreview.php (the url parameter), enabling script injection in affected pag...

WordPress Z-URL Preview 1.6.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Vulnerable Z-URL Preview 1.6.1 Z-URL Preview is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

Z-URL Preview <= 1.6.2 - Cross-Site Scripting (XSS)

The Z-URL Preview WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

WordPress Z-URL Preview 1.6.1 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Z-URL Preview 1.6.1 Z-URL Preview is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in...