Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
text vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4604
Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the ytmpw parameter.
Your-text-manager Project Your-text-manager
4.8
CVSSv3
CVE-2023-26539
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions.
Advanced Text Widget Project Advanced Text Widget
NA
CVE-2014-5714
The Text Me! Free Texting & Call (aka com.textmeinc.textme) application 2.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Go-text Text Me\\! Free Texting \\& Call 2.5.5
NA
CVE-2008-3367
Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x prior to 4.03 allows remote malicious users to inject arbitrary web script or HTML via the email parameter.
Webwizguide Web Wiz Rich Text Editor
Webwizguide Web Wiz Rich Text Editor 3
Webwizguide Web Wiz Rich Text Editor 4.0
Webwizguide Web Wiz Rich Text Editor 4.01
5.4
CVSSv3
CVE-2015-20019
The Content text slider on post WordPress plugin prior to 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues
Content Text Slider On Post Project Content Text Slider On Post
4.8
CVSSv3
CVE-2022-1395
The Easy FAQ with Expanding Text WordPress plugin up to and including 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
Easy Faq With Expanding Text Project Easy Faq With Expanding Text
7.5
CVSSv3
CVE-2021-38561
golang.org/x/text/language in golang.org/x/text prior to 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
Golang Text
7.5
CVSSv3
CVE-2020-28852
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Golang Text
7.5
CVSSv3
CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Golang Text
5.4
CVSSv3
CVE-2023-5817
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it pos...
Eralion Neon Text
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2108
CVE-2024-31061
CVE-2024-25959
CVE-2023-45866
injection
IDOR
memory leak
CVE-2024-1086
CVE-2023-42931
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »