html injection vulnerabilities and exploits

(subscribe to this query)

The Ad Injection WordPress plugin up to and including 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cro...

Ad Injection Project Ad Injection

PEAR HTML_AJAX 0.3.0 up to and including 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.

Pear Html Ajax 0.3.0 Pear Html Ajax 0.3.1 Pear Html Ajax 0.3.2 Pear Html Ajax 0.3.3 Pear Html Ajax 0.3.4 Pear Html Ajax 0.4.0 Pear Html Ajax 0.4.1 Pear Html Ajax 0.5.0 Pear Html Ajax 0.5.1 Pear Html Ajax 0.5.2 Pear Html Ajax 0.5.3 Pear Html Ajax 0.5.4

SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote malicious users to execute arbitrary SQL commands via the nuser parameter in a registrate action.

Html-edit Html-edit Cms 3.1.8

1 EDB exploit

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_Q...

Html Quickform Project Html Quickform 3.2.14 Civicrm Civicrm Civicrm Civicrm 5.3.0

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated malicious users to inject arbitrary HTML in pages that execute if they can successful...

Haet Email Template Designer – Wp Html Mail Codemiq Wp Html Mail

The HTML Forms WordPress plugin prior to 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

Ibericode Html Forms

1 Github repository

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated malicious users to inject arbitrary HTML in pages that execute if they can successfull...

A3rev Wp Email Template Codemiq Wp Html Mail

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

Freelancer-coder Wordpress Simple Html Sitemap

Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and previous versions, as used in products such as My Blog prior to 1.65, allows remote malicious users to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.

Fuzzymonkey My Blog 1.0 Fuzzymonkey My Blog 1.2 Fuzzymonkey My Blog 1.3 Fuzzymonkey My Blog 1.4 Fuzzymonkey My Blog 1.5 Fuzzymonkey My Blog 1.6 Fuzzymonkey My Blog 1.21 Fuzzymonkey My Blog 1.22 Fuzzymonkey My Blog 1.23 Fuzzymonkey My Blog 1.31 Fuzzymonkey My Blog 1.51 Fuzzymonkey My Blog 1.52

1 EDB exploit

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...

Wpcalc Wp Coder – Add Custom Html, Css And Js Code Wow-company Wp Coder

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook