CVE-2024-49320 – WordPress Encyclopedia / Glossary / Wiki plugin <= 1.7.60 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49320
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS. This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60. The Encyclopedia / Glossary / Wiki plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.60 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/encyclopedia-lexicon-glossary-wiki-dictionary/wordpress-encyclopedia-glossary-wiki-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-28865 – django-wiki denial of service via regular expression
https://notcve.org/view.php?id=CVE-2024-28865
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. • https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h • CWE-1333: Inefficient Regular Expression Complexity
CVE-2020-19277
https://notcve.org/view.php?id=CVE-2020-19277
Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. • https://github.com/phachon/mm-wiki/issues/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-19278
https://notcve.org/view.php?id=CVE-2020-19278
Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. • https://github.com/phachon/mm-wiki/issues/68 https://imgur.com/EABvnwz • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-42985
https://notcve.org/view.php?id=CVE-2022-42985
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). • https://github.com/InternationalScratchWiki/mediawiki-scratch-login/blob/4d2c1229b558b9cd685961274f20b621d114f4db/ScratchLogin.common.php#L104 https://github.com/InternationalScratchWiki/mediawiki-scratch-login/pull/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')