Lucene search

271 matches found

CNNVD
added 2021/04/12 12:0 a.m. | 12 views

WordPress Plugin Cross-Site Scripting Vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site scripting vulnerability exists in Patreon WordPress versions prior to 1.7.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the...

9.6 CVSS | 5.2 AI score | 0.01758 EPSS
Exploits: 1 | References: 3

OSV
added 2021/01/01 2:15 a.m. | 1 view

CVE-2020-35933

A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...

6.5 CVSS | 6.7 AI score | 0.00854 EPSS
Exploits: 1 | References: 1

OSV
added 2020/04/07 5:15 p.m. | 2 views

CVE-2020-11512

Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal subscriber-level permissions to save arbitrary JavaScript in the plugin's settings panel via the idxupdaterecaptchakey AJAX action and a crafted idxrecaptchasitekey parameter, which...

5.4 CVSS | 6.2 AI score | 0.00723 EPSS
Exploits: 1 | References: 2

Openbugbounty
added 2020/04/05 10:45 p.m. | 8 views

pornl.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1133996. Security Researcher Hchabik (helped patch 2358 vulnerabilities; received 5 Coordinated Disclosure badges; received 2 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting pornl.com website and its...

0.1 AI score
Exploits: 0

OSV
added 2019/10/03 9:15 p.m. | 4 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

8.8 CVSS | 7.9 AI score | 0.03126 EPSS
Exploits: 1 | References: 2

OSV
added 2019/08/29 12:15 p.m. | 1 view

CVE-2019-15775

The nd-learning plugin before 4.8 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

6.1 CVSS | 6.3 AI score | 0.01344 EPSS
Exploits: 1 | References: 3

OSV
added 2019/02/18 12:29 a.m. | 2 views

DEBIAN-CVE-2019-8424

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...

9.8 CVSS | 9.9 AI score | 0.016 EPSS
Exploits: 1 | References: 1

OSV
added 2018/08/13 5:29 p.m. | 1 view

CVE-2018-12587

A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3, an Opera Browser add-on. Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar...

6.1 CVSS | 5.8 AI score | 0.00809 EPSS
Exploits: 0 | References: 2

CNVD
added 2018/02/05 12:0 a.m. | 4 views

DokuWiki Reflection File Download Vulnerability

DokuWiki is a PHP-based wiki engine developed by German software developer Andreas Gohr. It is mainly used for knowledge base management by small and medium-sized teams and personal websites, and provides version control, full-text search, permission control and other functions. A security...

9.3 CVSS | 7.3 AI score | 0.02646 EPSS
Exploits: 1 | References: 1

CNVD
added 2017/07/12 12:0 a.m. | 3 views

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System

Hanchao B2B2C multi-user mall system is a multi-user mall website system developed in PHP + MySQL. A SQL injection vulnerability exists in the Shopid parameter of the ajaxshopinfo method because the system fails to strictly filter the parameters provided by t...

8.2 AI score
Exploits: 0

CNVD
added 2017/03/20 12:0 a.m. | 4 views

SQL injection vulnerability in mallbuilder frontend cate_show_ajax.php page

MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. A SQL injection vulnerability exists in the mallbuilder v7.3.4 frontend cate_show_ajax.php page due to a lack of filtering of the '$catid' parameter, which allows an attacker to exploit the vulnerability to obtain...

7.6 AI score
Exploits: 0