Show filters
252 Total Results
Displaying 31-40 of 252
Sort by:
Attacker Value
Unknown
CVE-2021-41731
Disclosure Date: September 16, 2022 (last updated February 24, 2025)
Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field
0
Attacker Value
Unknown
CVE-2022-31856
Disclosure Date: July 05, 2022 (last updated February 24, 2025)
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
0
Attacker Value
Unknown
CVE-2017-20094
Disclosure Date: June 24, 2022 (last updated February 24, 2025)
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component.
0
Attacker Value
Unknown
CVE-2022-1889
Disclosure Date: June 20, 2022 (last updated February 23, 2025)
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
0
Attacker Value
Unknown
CVE-2022-1756
Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
0
Attacker Value
Unknown
CVE-2021-36912
Disclosure Date: May 04, 2022 (last updated February 23, 2025)
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.
0
Attacker Value
Unknown
CVE-2022-0206
Disclosure Date: February 14, 2022 (last updated February 23, 2025)
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
0
Attacker Value
Unknown
CVE-2020-23039
Disclosure Date: October 22, 2021 (last updated February 23, 2025)
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.
0
Attacker Value
Unknown
CVE-2021-36791
Disclosure Date: August 13, 2021 (last updated November 28, 2024)
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.
0
Attacker Value
Unknown
CVE-2021-36789
Disclosure Date: August 13, 2021 (last updated February 23, 2025)
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.
0