371 matches found
Cross site scripting
LogoBee 0.2 allows updates.php?id= XSS...
LogoBee Cross-Site Scripting Vulnerability
LogoBee is a logo creation software from LogoBee Inc. in the United States. A cross-site scripting vulnerability exists in LogoBee version 0.2, which stems from the use of a special load that can lead to cross-site scripting...
CVE-2023-52257
CVE-2023-52257 affects LogoBee 0.2 with a cross‑site scripting vulnerability in the updates.php?id= endpoint. The root cause is unsafe handling of the id parameter, enabling injected scripts to run in the application's context. Impact: XSS that can affect users interacting with the update interfa...
PT-2023-31944 · Logobee · Logobee
Name of the Vulnerable Software and Affected Versions: LogoBee version 0.2 Description: The issue allows for XSS in the updates.php?id= endpoint. Recommendations: For LogoBee version 0.2, as a temporary workaround, consider restricting access to the "updates.php?id=" endpoint until a patch is...
PT-2023-7082
Name of the Vulnerable Software and Affected Versions ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0 Description The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...
Code injection
An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt JSON web token...
PT-2023-30716 · Unknown · Websiteguide
Name of the Vulnerable Software and Affected Versions: WebsiteGuide version 0.2 Description: An issue with insecure permissions in WebsiteGuide allows a remote attacker to gain escalated privileges by using a crafted JSON web token jwt. Recommendations: For WebsiteGuide version 0.2, consider...
CVE-2023-48176
CVE-2023-48176 affects WebsiteGuide v0.2, where an insecure permissions issue could let a remote attacker escalate privileges by presenting a crafted JWT. Documents consistently describe this vulnerability across multiple feeds, listing WebsiteGuide 0.2 as the affected version and citing privileg...
CVE-2023-37656
WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...
CVE-2022-45361
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Boris Kuzmanov 0mk Shortener plugin = 0.2 versions...
WordPress Plugin 0mk Shortener 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-25795
Auth. admin+ Cross-Site Scripting XSS vulnerability in WP-master.Ir Feed Changer & Remover plugin = 0.2 versions...
WordPress Plugin master.Ir Feed Changer & Remover 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-20310 · WordPress · Wp-Master.Ir Feed Changer & Remover
Name of the Vulnerable Software and Affected Versions: WP-master.Ir Feed Changer & Remover plugin versions 0.2 and earlier Description: The issue is related to an authentication bypass and Cross-Site Scripting XSS vulnerability. This allows for potential malicious script injection, affecting the...
CVE-2022-2933
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...
Improper access control
A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The...
cool-php-captcha 跨站脚本漏洞
cool-php-captcha is an application by the individual developer LaoWei. A cross-site scripting vulnerability exists in version 0.2 of cool-php-captcha, which stems from unknown code in the file example-form.php, and can be exploited to cause cross-site scripting using the input of an action-specif...
Sql injection
A vulnerability was found in mrtnmtth joomlamodeinsatzstats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The...
PT-2023-10335 · Joomla · Joomla Mod Einsatz Stats
Name of the Vulnerable Software and Affected Versions: joomla mod einsatz stats versions up to 0.2 Description: A critical issue was found, affecting the getStatsByType function in the helper.php file. The manipulation of the year argument leads to SQL injection. Recommendations: For versions up ...
Unspecified Vulnerability in Super Xray
Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A security vulnerability exists in Super Xray version 0.2-beta Linux and Mac OS systems, which can be exploited by attackers to elevate privileges...