The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
View Full Alert
Related Posts
CVE-2016-10761Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. View Full Alert
CVE-2016-10245Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. View Full Alert
CVE-2016-5235A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted…