12 matches found
CVE-2026-35180
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...
EUVD-2024-52551
Malicious code in bioql PyPI...
CVE-2024-54431
Cross-Site Request Forgery CSRF vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through = 2.2...
CVE-2024-54431
Cross-Site Request Forgery CSRF vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through = 2.2...
CVE-2024-54431
CVE-2024-54431 is a CSRF-to-Stored-XSS vulnerability in the Admin Customization plugin for Admin Customization: from n/a through 2.2. The issue, described in connected documents as a Cross-Site Request Forgery vulnerability that enables Stored XSS, affects the Admin Customization plugin before or...
CVE-2024-54431 WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through = 2.2...
WordPress plugin Admin Customization 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Admin Customization versions = 2.2...
PT-2024-35710 · WordPress · Wp Admin Ui Customize
Name of the Vulnerable Software and Affected Versions: WP Admin UI Customize versions prior to 1.5.14 Description: A cross-site scripting issue exists, allowing an arbitrary script to be executed on the web browser of other users who access the admin screen, if a malicious admin user customizes t...
Cross site scripting
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
CVE-2023-44766
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to...
CVE-2023-44766
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to...