CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1299 – Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1299
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin Slideshow de WordPress versiones hasta 2.3.1, no sanea ni escapa de algunos de sus ajustes de presentación por defecto, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000117
https://notcve.org/view.php?id=CVE-2016-1000117
XSS & SQLi in HugeIT slideshow v1.0.4 XSS y SQLi en diapositivas HugeIT v1.0.4 • http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow http://www.securityfocus.com/bid/93822 http://www.vapidlabs.com/advisory.php?v=166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000118
https://notcve.org/view.php?id=CVE-2016-1000118
XSS & SQLi in HugeIT slideshow v1.0.4 Vulnerabilidad de XSS y vulnerabilidad de inyección SQLi en HugeIT slideshow v1.0.4 • http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow http://www.securityfocus.com/bid/93822 http://www.vapidlabs.com/advisory.php?v=166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •