21 matches found
CVE-2025-11456
creationtimestamp | type | source
---|---|---
2025-11-21 09:02:37+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115586875756817583
2025-11-21 09:02:39+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m64wekjcma2t
2025-11-21 11:09:12+00:00 | seen | ...
CVE-2025-11456
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...
CVE-2025-11456 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...
CVE-2017-11456
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file...
CVE-2024-11456
creationtimestamp | type | source
---|---|---
2024-11-21 08:36:14+00:00 | seen | https://infosec.exchange/users/cve/statuses/113520028779491271...
CVE-2024-11456 Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting
The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to...
CVE-2024-11456
CVE-2024-11456 affects the WordPress plugin “Run Contests, Raffles, and Giveaways with ContestsWP” up to version 2.0.3. Root cause is improper escaping in add_query_arg, enabling reflected XSS via links that trigger user actions. Unauthenticated attackers could inject scripts if a user clicks a c...
WordPress Run Contests, Raffles, and Giveaways with ContestsWP Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Run Contests, Raffles, and Giveaways with ContestsWP; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11456; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID...
LimeSurvey 4.1.11 Cross Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting; Date: 2020-04-02; Exploit Author: Matthew Aberegg, Michael Burkey; Vendor Homepage: https://www.limesurvey.org; Version: LimeSurvey 4.1.11+200316; Tested on: Ubuntu 18.04.4; CVE: CVE-2020-11456; Vulnerability Details...
LimeSurvey 4.1.11 - (Survey Groups) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting; Exploit Author: Matthew Aberegg, Michael Burkey; Vendor Homepage: https://www.limesurvey.org; Version: LimeSurvey 4.1.11+200316; Tested on: Ubuntu 18.04.4; CVE:...
LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting; Date: 2020-04-02; Exploit Author: Matthew Aberegg, Michael Burkey; Vendor Homepage: https://www.limesurvey.org; Version: LimeSurvey 4.1.11+200316; Tested on: Ubuntu 18.04.4; CVE: CVE-2020-11456; Vulnerability Details...
qa.theoutdoorjob.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-973232. Security researcher garletmarco (helped patch 1540 vulnerabilities, received 4 Coordinated Disclosure badges), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting qa.theoutdoorjob.com website and its users. Followi...
CVE-2019-11456
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code...
CVE-2019-11456
Gila CMS 1.10.1 is affected by CVE-2019-11456. The issue is a CSRF vulnerability in fm/save that can lead to execution of arbitrary PHP code. Documented impact indicates high severity (CVSS3.0: 8.8) with network access, user interaction required, and high impact on confidentiality, integrity, and...
CVE-2018-11456
Siemens Automation License Manager (ALM) 5.x prior to 5.3.4.4 contains a network-based information-disclosure/port-scanning flaw. An unauthenticated, remote attacker could send crafted packets to determine whether a remote port is reachable, enabling basic port discovery using the victim’s machin...
CVE-2017-11456
Geneko GWR routers are affected by CVE-2017-11456: a directory traversal vulnerability where user-supplied input is not properly sanitized, allowing traversal sequences beginning with /../. This enables unauthenticated read access to configuration files. Connected sources (Red Hat, CNVD, NVD, CVE...
Geneko Routers - Path Traversal
Vulnerability Summary: The following advisory describes an unauthenticated path traversal vulnerability found in the Geneko GWR router series. Geneko GWG is a compact and cost-effective communications solution that provides cellular capabilities for fixed and mobile...