5 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin Slideshow de WordPress versiones hasta 2.3.1, no sanea ni escapa de algunos de sus ajustes de presentación por defecto, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

XSS & SQLi in HugeIT slideshow v1.0.4 XSS y SQLi en diapositivas HugeIT v1.0.4 • http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow http://www.securityfocus.com/bid/93822 http://www.vapidlabs.com/advisory.php?v=166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

XSS & SQLi in HugeIT slideshow v1.0.4 Vulnerabilidad de XSS y vulnerabilidad de inyección SQLi en HugeIT slideshow v1.0.4 • http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow http://www.securityfocus.com/bid/93822 http://www.vapidlabs.com/advisory.php?v=166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. La función SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX en el plugin Slideshow, versiones de la 2.2.8 a la 2.2.21 parar Wordpress permite a atacantes remotos leer valores de opciones de WordPress arbitrarias. • http://www.openwall.com/lists/oss-security/2015/05/02/12 http://www.securityfocus.com/bid/74453 https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04 https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Una vulnerabilidad de inyección SQL en la extensión 'Flash slideshow' (slideshow) v0.2.2 de TYPO3 permite a atacantes remotos ejecutar comandos SQL a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020 http://www.vupen.com/english/advisories/2009/3550 https://exchange.xforce.ibmcloud.com/vulnerabilities/54781 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •