CVE-2022-1299 – Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1299
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
References:
- https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1000117
https://notcve.org/view.php?id=CVE-2016-1000117
XSS & SQLi in HugeIT slideshow v1.0.4.
References:
- http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow
- http://www.securityfocus.com/bid/93822
- http://www.vapidlabs.com/advisory.php?v=166
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1000118
https://notcve.org/view.php?id=CVE-2016-1000118
XSS & SQLi in HugeIT slideshow v1.0.4.
References:
- http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow
- http://www.securityfocus.com/bid/93822
- http://www.vapidlabs.com/advisory.php?v=166
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-3634 – Slideshow 2.2.8 - 2.2.21 - Information Exposure
https://notcve.org/view.php?id=CVE-2015-3634
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for WordPress allows remote attackers to read arbitrary WordPress option values.
References:
- http://www.openwall.com/lists/oss-security/2015/05/02/12
- http://www.securityfocus.com/bid/74453
- https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04
- https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-4338
https://notcve.org/view.php?id=CVE-2009-4338
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References:
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020
- http://www.vupen.com/english/advisories/2009/3550
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54781
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')