3 matches found
HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
Summary: Stored XSS Leading to Account Takeover. Details: The Exploit Chain: 1. Upload: The attacker uploads an .html file containing a JavaScript payload. 2. Execution: A logged-in administrator is tricked into visiting the URL of this uploaded file. 3. Token Refresh: The JavaScript payload makes a...
Schneider Electric SpaceLogic AS-P Security Vulnerability
Schneider Electric SpaceLogic AS-P is an automation server from Schneider Electric France. A security vulnerability exists in Schneider Electric SpaceLogic AS-P V5.0.3 and earlier and SpaceLogic AS-B V5.0.3 and earlier, which stems from the presence of a race condition vulnerability that...
WordPress plugin PDF24 Articles To PDF Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin. WordPress plugin PDF24 Articles To PDF 4.2.2 and earlier versions are vulnerable to cross-site reques...