111 matches found
Decidim 跨站脚本漏洞
Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.6 and earlier and 0.28.1 and earlier, which stems from a cross-site scripting attack in the administrator panel if an...
CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
CVE-2024-43444 Passwords are written to Admin Log Module
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
CVE-2024-43444 Passwords are written to Admin Log Module
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
PT-2024-5942 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.50 OTRS version 8.0.X OTRS version 2023.X OTRS versions 2024.X through 2024.5.X OTRS Community Edition version 6.0.x Description: The issue is related to the OTRS admin log module, where passwords of agents and...
CVE-2024-42606
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/adminlog.php?clear=1...
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of a cross-site request forgery vulnerability , the vulnerability stems from /admin/adminlog.php?clear=1 does not adequately verify that the request is from a trusted user , an attacker can use this...
PT-2024-30058 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery CSRF issue was found in Pligg CMS. The issue is related to the "/admin/admin log.php?clear=1" endpoint. Recommendations: For Pligg CMS version 2.0.2, update to a version that...
CVE-2023-40852
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page...
CVE-2023-23721
Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin = 1.50 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin = 1.50 versions...
CVE-2023-23721 WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin = 1.50 versions...
CVE-2023-23721 WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin = 1.50 versions...
CVE-2023-23721
CVE-2023-23721 affects the WordPress Admin Log plugin (
WordPress Plugin Admin Log 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF)
Software Admin Log Type Plugin Vulnerable versions = 1.50 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23721 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5b0513f078ee Credits Mika Required privilege...
FeehiCMS Cross Site Scripting vulnerability
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page...
GHSA-8VJP-HFGH-68RJ FeehiCMS Cross Site Scripting vulnerability
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page...
Wedding Management System SQL注入漏洞
Wedding Management System is a wedding planning management system by John Paul Lim Gabule, a personal developer. v1.0 of Wedding Management System is vulnerable to SQL injection, which originates from the admin/logeventsedit.php page Lack of validation of external input SQL statements can be...
Lark Technologies: Ability to View Non-Permitted Admin Log
An access control issue was found where a user without proper permissions would be able to view the admin log. We thank @imrannisar for reporting this to our team...