CVE-2019-16525 – Checklist <= 1.1.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16525
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
• https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
• https://plugins.trac.wordpress.org/changeset/2155029
• https://wordpress.org/plugins/checklist/#developers
• https://wpvulndb.com/vulnerabilities/9877
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7318 – Joomla! Component CheckList 1.1.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-7318
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
• https://www.exploit-db.com/exploits/44163
• https://exploit-db.com/exploits/44163
• https://www.oracle.com/security-alerts/cpujan2021.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')