16 matches found
EUVD-2022-1608
Malicious code in bioql PyPI...
WordPress Gallery Box plugin <= 1.7.33 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Gallery Box versions <= 1.7.33...
WordPress Gallery Box Plugin <= 1.7.33 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Gallery Box | Type: Plugin | Vulnerable versions: <= 1.7.33 | Fixed in: 1.7.34 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-32110 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: f23c5a18d62c | Credits: Dhabaleshwar Das...
CVE-2022-46890
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum; this is caused by a lack of checks performed by the /forums.php?action=post page...
NexusPHP Security Vulnerability
NexusPHP is a free and open source complete PT site building solution. A security vulnerability exists in NexusPHP before 1.7.33, which is caused by a missing check executed on the /forums.php?action=post page...
PT-2023-15097 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: The issue is caused by weak access control, allowing a remote authenticated user to edit any post in the forum. This is due to a lack of checks performed by the "forums.php?action=post" page,...
PT-2023-15095 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflective cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input int...
PT-2023-15094 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the conuser parameter in "takeconfirm.php", the delcheater parameter in "cheaterbox.php", or the user...
PT-2023-15096 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: A persistent cross-site scripting issue allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter used in the "/subtitles.php" API endpoint...
CVE-2022-46890
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum; this is caused by a lack of checks performed by the /forums.php?action=post page...
CVE-2022-46888
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
CVE-2022-1173
Stored XSS in GitHub repository getgrav/grav prior to 1.7.33...
Cross site scripting
Stored XSS in GitHub repository getgrav/grav prior to 1.7.33...
Grav Cross-Site Scripting Vulnerability
Grav is a scalable CMS content management system for personal blogs, small content publishing platforms, and single-page product displays. Cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.33, which stem from the application's lack of filtering and escaping of user data. An...
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...
OpenAFS Multiple Information Disclosure Vulnerabilities - Windows
OpenAFS is prone to multiple information disclosure vulnerabilities...