12 matches found
CVE-2026-13563
creationtimestamp | type | source
---|---|---
2026-06-29 12:42:24+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgj76gdbe2t
2026-06-29 19:36:22+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mphadfcnq32x
2026-06-29 20:19:24+00:00 | seen | ...
CVE-2025-13563
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizzalmsproregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...
CVE-2019-13563
D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console...
CVE-2024-13563 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13563 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2020-13563
creationtimestamp | type | source
---|---|---
2021-02-01 19:25:15+00:00 | seen | https://t.me/cibsecurity/22902...
CVE-2020-13563
CVE-2020-13563 covers multiple XSS vulnerabilities in phpGACL 3.3.7 templates. The Red Hat, NVD, OSV, CVE.org and TALOS entries describe XSS via unsanitized Smarty template variables such as group_id, acl_id and action, leading to arbitrary JavaScript execution when crafting specific HTTP request...
phpGACL template multiple cross-site scripting vulnerabilities
Summary: Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions: phpGACL 3.3.7, OpenEMR 5.0.2...
CVE-2019-20616
An issue was discovered on Samsung mobile devices with N7.x and O8.x software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019)...
CVE-2019-20616
Technical details (affected component, root cause, version-specific impact, or fixes) are not publicly provided in the connected documents. Monitor for updates from Samsung and security advisories.
CVE-2019-13563
The CVE refers to D-Link DIR-655 C devices before version 3.02B05 BETA03, which are vulnerable to Cross-Site Request Forgery (CSRF) that can affect the entire management console. The root cause is insufficient CSRF protection in the web interface, allowing an attacker to induce unintended actions...
CVE-2018-13563
The CVE-2018-13563 issue affects the UPayToken Ethereum token: the mintToken function has an integer overflow that lets the contract owner set any user’s balance to an arbitrary value. This is a functional integrity risk in the token’s accounting, potentially enabling balance manipulation without...