The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to....
CVSS: 4.8 | AI Score: 4.8 | EPSS: 0.001
CVSS: 6.1 | AI Score: 6.5 | EPSS: 0.001
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before...
CVSS: 9.8 | AI Score: 7.3 | EPSS: 0.002
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator...
CVSS: 8.8 | AI Score: 7.4 | EPSS: 0.001
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on...
CVSS: 5.4 | AI Score: 6.5 | EPSS: 0.001
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious...
CVSS: 6.1 | AI Score: 6.8 | EPSS: 0.001
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to...
AI Score: 6.9 | EPSS: 0.003
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail...
AI Score: 6.5 | EPSS: 0.015
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to...
AI Score: 6.8 | EPSS: 0.02
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums...
AI Score: 7.6 | EPSS: 0.003