22 matches found
CVE-2026-1187
The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1187
The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1187 ZoomifyWP Free <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute
The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-8071
The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2009-3889
Malware in sbrugna...
EUVD-2025-26914
Malicious code in bioql PyPI...
CVE-2025-58863
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...
CVE-2025-58863
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...
CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...
CVE-2025-58863
CVE-2025-58863 relates to a stored XSS in the Zoomify embed for WordPress plugin. Affected software: Zoomify embed for WP, including versions up to and including 1.5.2. The root cause is improper input neutralization during web page generation. Impact is cross-site scripting which can be exploite...
CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...
WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Zoomify embed for WP versions = 1.5.2...
PT-2025-36202
Name of the Vulnerable Software and Affected Versions: SdeWijs Zoomify embed for WP versions through 1.5.2 Description: The software contains a Stored Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. This allows for the injection of malicious...
WordPress plugin Zoomify embed for WP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...
Cross site scripting
Cross-site scripting XSS vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title...
CVE-2009-3918
Cross-site scripting XSS vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title...
CVE-2009-3918
Cross-site scripting XSS vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title...
CVE-2009-3918
The CVE applies to the Drupal Zoomify module. Affected versions are Zoomify 5.x before 5.x-2.2 and 6.x before 6.x-1.4. Root cause is a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the node title. Impact, as stated, is that attack...
SA-CONTRIB-2009-098 - Zoomify - Cross Site Scripting
The Zoomify module integrates the Zoomify Flash applet into Drupal which can be used to pan and zoom on large images. Images are first preprocessed in order for Zoomify to work. The module fails to sanitize a value in the node title, leading to a Cross Site Scripting XSS vulnerability. Versions...
CVE-2007-2920
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors...