CVE-2022-1299 – Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1299
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
• https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4338
https://notcve.org/view.php?id=CVE-2009-4338
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
• http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020
• http://www.vupen.com/english/advisories/2009/3550
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54781
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')