Show filters
11 Total Results
Displaying 1-10 of 11
Sort by:
Attacker Value
Unknown

CVE-2025-24545

Disclosure Date: February 03, 2025 (last updated February 04, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BannerSky.com BSK Forms Validation allows Reflected XSS. This issue affects BSK Forms Validation: from n/a through 1.7.
0
0
Attacker Value
Unknown

CVE-2025-22347

Disclosure Date: January 07, 2025 (last updated January 07, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through 3.9.
0
0
Attacker Value
Unknown

CVE-2024-47624

Disclosure Date: October 05, 2024 (last updated October 06, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.1.
0
0
Attacker Value
Unknown

CVE-2024-43233

Disclosure Date: August 12, 2024 (last updated August 13, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
0
0
Attacker Value
Unknown

CVE-2024-38767

Disclosure Date: July 20, 2024 (last updated July 20, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6.
0
0
Attacker Value
Unknown

CVE-2023-5980

Disclosure Date: December 26, 2023 (last updated January 03, 2024)
The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-30872

Disclosure Date: December 20, 2023 (last updated December 27, 2023)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-5141

Disclosure Date: December 04, 2023 (last updated December 08, 2023)
The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-5110

Disclosure Date: October 25, 2023 (last updated November 02, 2023)
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-24860

Disclosure Date: November 29, 2021 (last updated February 23, 2025)
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
View More Topics  Next >