20 matches found
CVE-2019-11457
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/...
CVE-2025-11457

creationtimestamp | type | source
---|---|---
2025-11-11 07:32:23+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115529897855835530
2025-11-11 07:32:24+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m5dmn3isdz2p
2025-11-14 22:42:51+00:00 | published-proof-of-concept | ...

CVE-2024-11457
The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2024-11457

creationtimestamp | type | source
---|---|---
2024-12-07 11:16:21+00:00 | seen | https://infosec.exchange/users/cve/statuses/113611255352925843
2024-12-07 14:12:33+00:00 | seen | https://t.me/cvedetector/12321...

CVE-2024-11457 Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting
The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2019-11457

creationtimestamp | type | source
---|---|---
2024-10-11 21:46:47+00:00 | seen | https://t.me/CyberSecurityTechnologies/445...

pfSense 2.4.4-P3 - (User Manager) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457...
pfSense 2.4.4-P3 User Manager Cross Site Scripting
Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...
pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...
CVE-2020-11457
pfSense presents a stored XSS (via the descr field) in the WebGUI’s User Manager addprivs flow. Affected product: pfSense prior to 2.4.5; root cause: lack of input validation in system_usermanager_addprivs.php allowing arbitrary script payloads to be stored as a user’s Full Name. Impact: potential...
CVE-2019-11457
CVE-2019-11457: The connected Red Hat, OSV and related advisories corroborate multiple CSRF issues in MicroPyramid Django CRM 0.2.1. Affected endpoints include /change-password-by-admin/, /api/settings/add/, /cases/create/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/cr...
Django CRM 0.2.1 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker Name: Multiple CSRF Vulnerabilities in Django CRM 0.2.1 Affected Software: Django CRM Affected Versions: 0.2.1 Homepage: https://github.com/MicroPyramid/Django-CRM Vulnerability: Cross-si...
Django CRM 0.2.1 Cross Site Request Forgery
Information -------------------- Advisory by Netsparker Name: Multiple CSRF Vulnerabilities in Django CRM 0.2.1 Affected Software: Django CRM Affected Versions: 0.2.1 Homepage: https://github.com/MicroPyramid/Django-CRM Vulnerability: Cross-site Request Forgery Severity: 8.8 High Status: Not Fixe...
CVE-2018-11457
A vulnerability has been identified in SINUMERIK 828D V4.7 All versions V4.7 SP6 HF1, SINUMERIK 840D sl V4.7 All versions V4.7 SP6 HF5, SINUMERIK 840D sl V4.8 All versions V4.8 SP3. The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code...
CVE-2018-11457
Siemens SINUMERIK controllers (828D v4.7, 840D sl v4.7/v4.8) expose an unpatched remote code execution flaw in the integrated web server on port 4842/TCP. An attacker with network access and without privileges can send specially crafted requests to this port to execute code with system privileges...
ICSA-18-345-02 Siemens SINUMERIK Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls,...
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
CVE-2017-11457
CVE-2017-11457 is an XXE vulnerability in SAP NetWeaver AS JAVA 7.5, affecting the component com.sap.km.cm.ice. A remote authenticated attacker can abuse a crafted XML DTD to read arbitrary files or perform SSRF. The issue is documented against SAP NetWeaver AS JAVA 7.5 via SAP Security Note 238...
yourtango.com XSS vulnerability
Vulnerable URL: http://www.yourtango.com/search/'-confirmOPENBUGBOUNTY-'
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 31.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 11457
VIP website status: | Yes
Check yourtango.com SSL... |

SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...