161 matches found
CVE-2024-5615
The CVE-2024-5615 entry concerns the WordPress Open Graph plugin vulnerability allowing Sensitive Information Exposure via opengraph_default_description in versions up to 1.11.2. Connected Red Hat entry repeats this description; no additional technical details (e.g., patch version or concrete exp...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 Compromise Checker A very simple bash script to...
CVE-2023-37995
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions...
WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP-CopyProtect [Protect your blog posts]; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25025; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 483e3127703e; Credit...
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting (XSS) Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...
Shoplazza 1.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting (XSS) Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...
Shopify Cross Site Scripting Vulnerability
Correspondence from Shopify declined to comment regarding newly discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester found himself a beefy bug bounty from the same page that has been listed below, including similar functionali...
Shopify Cross Site Scripting
Correspondence from Shopify declined to comment regarding newly discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester found himself a beefy bug bounty from the same page that has been listed below, including similar functionali...
threat-intel
threat-intel This repository contains supplemental items inclu...
Shoplazza 1.1 Cross Site Scripting
Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage Blogs"...
Stored Cross-site Scripting (XSS)
pyrocms/pyrocms is vulnerable to stored cross-site scripting (XSS). The library allows a low privileged user to inject a malicious JavaScript payload in a blog post, which then gets executed when the affected blog post is loaded in the victim’s browser...
CVE-2022-37720
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low privileged user, such as an author or publisher, can inject a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is load...
PyroCMS Cross-Site Scripting Vulnerability
PyroCMS is a lightweight open source content management system by an individual developer, built using the CodeIgniter framework. A security vulnerability exists in PyroCMS version 3.9, which stems from the ability of a low-privileged user such as an author or publisher to inject a carefully...
WordPress Post By Email Enabled
WordPress has a core feature and plugins allowing content managers to publish posts on their blogs by sending their articles to a configured email address. The scanner detected that the target WordPress instance has either the core feature or a specific plugin configured. No source data...
WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS) Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...
WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting
Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Netroics Blog Posts Grid" v1.0 Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Teste...
WordPress Netroics Blog Posts Grid 1.0 Plugin - Stored XSS Vulnerability
Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS) Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on: Centos 7 apache2 ...
EC-CUBE Easy Blog for EC-CUBE4 Cross-Site Request Forgery Vulnerability
EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...
Working Together with Our Customers to Build a Sustainable Future
By now, we hope you've read Monday's and Tuesday's blog posts announcing the release of our annual sustainability report, our sustainability program, and the technical innovation behind it...
XSS Vulnerability at jfinal cms publishing blog posts
jfinal cms is a powerful information and consulting website system developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. An XSS vulnerability exists in jfinal cms when publishing blog posts; attackers...