Insufficient sanitizing in the TeX notation filter resulted in an
arbitrary file read risk on sites where pdfTeX is available (such as
those with TeX Live installed).
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.
The question bank filter required additional sanitizing to prevent a reflected XSS risk.
Description information displayed in the site administration live log
required additional sanitizing to prevent a stored XSS risk.
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up
An SQL injection risk was identified in the module list filter within course search.
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only de
A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.
The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e
The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.
The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient i
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.
A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., ) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input()
Page 1+ Next →