105 matches found
CVE-2024-49307
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Stored XSS.This issue affects Admin Management Xtended : from n/a through = 2.4.6...
CVE-2024-49307 WordPress Admin Management Xtended plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Stored XSS.This issue affects Admin Management Xtended : from n/a through = 2.4.6...
CVE-2024-49307
CVE-2024-49307 is a stored XSS vulnerability in WordPress plugin Admin Management Xtended (versions
CVE-2024-49307 WordPress Admin Management Xtended plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Stored XSS.This issue affects Admin Management Xtended : from n/a through = 2.4.6...
WordPress plugin Admin Management Xtended 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress Admin Management Xtended plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Admin Management Xtended versions = 2.4.6...
WordPress Admin Management Xtended Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)
Software Admin Management Xtended Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49307 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 966456ab80af Credits Trương Hữu Phúc truonghuuphuc...
BIT-MOODLE-2024-34008 moodle: CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary token...
CVE-2024-34008
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...
UBUNTU-CVE-2024-34008
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...
CVE-2024-34008
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...
CVE-2024-34008 moodle: CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...
CVE-2024-34008 moodle: CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...
PT-2024-25636 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue concerns a CSRF risk in the admin management of analytics models due to the lack of a necessary token. This could allow unauthorized actions on behalf of users. Recommendations: At...
School Fees Management System 安全漏洞
School Fees Management System is a tuition management system. A security vulnerability exists in School Fees Management System version v1.0 that originates from a broken access control in /admin/management/users...
BIT-AIRFLOW-2020-11983
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
Cross site request forgery (csrf)
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...
CVE-2023-38829
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface...
Design/Logic Flaw
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface...