WordPress News & Blog Designer Pack – WordPress Blog Plugin Plugin < 3.3 is vulnerable to Cross Site Scripting (XSS)
Software: News & Blog Designer Pack – WordPress Blog Plugin. Type: Plugin. Vulnerable versions: 3.3. Fixed in: 3.3. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2022-4792. Patch priority: Medium. CVSS severity: Medium 6.5. PSID: c11988e04ba...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 This repository contains a Proof of Concept P...
WordPress Blog Designer - Post and Widget Plugin < 2.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: Blog Designer - Post and Widget. Type: Plugin. Vulnerable versions: 2.4.1. Fixed in: 2.4.1. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2022-4793. Patch priority: Medium. CVSS severity: Medium 6.5. PSID: d4fed6181a18. Credits: Istv...
Stored XSS via blog author parameter on admin.php?p=config
Description: The blog author parameter is unsanitized on the page admin.php?p=config, so it is possible to inject arbitrary JavaScript code. Proof of Concept: - Login as regular user - Go to http://localhost/flatpress/admin.php?p=config - Set as blog author "alertdocument.domain - Refresh page...
cilla Cross-Site Scripting Vulnerability
cilla is a blog written in Java by Richard Körber, an individual developer. A cross-site scripting vulnerability exists in cilla, stemming from incorrect handling of the parameter details...
threat-intel
threat-intel This repository contains supplemental items inclu...
Friday Squid Blogging: Injured Giant Squid and Paddleboarder
Here's a video--I don't know where it's from--of an injured juvenile male giant squid grabbing on to a paddleboard. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
FlatPress has an unspecified vulnerability
FlatPress is a PHP-based blog building system from the FlatPress community that does not require database support. flatpressblog/flatpress has a security vulnerability that stems from PHP remote file inclusion. No details of the vulnerability are currently available...
CVE-2022-4596
A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
PT-2022-27700 · Shoplazza · Shoplazza
Name of the Vulnerable Software and Affected Versions: Shoplazza version 1.1 Description: A problematic issue has been found in the processing of the file "/admin/api/admin/articles/" of the component Add Blog Post Handler. The manipulation of the Title argument leads to cross-site scripting. The...
FlatPress Security Vulnerability
FlatPress is a PHP-based blog building system from the FlatPress community that does not require database support. flatpressblog/flatpress has a security vulnerability that stems from PHP remote file inclusion. No details of the vulnerability are currently available...
CVE-2022-4596 Shoplazza Add Blog Post cross site scripting
A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
Shoplazza 1.1 Cross Site Scripting Vulnerability
Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage Blogs"...
Hacking Boston’s CharlieCard
Interesting discussion of vulnerabilities and exploits against Boston's CharlieCard...
Permalink Manager Lite < 2.3.0 - Authenticated Stored XSS
The plugin does not escape page/post and media titles, which could allow attackers to perform Stored XSS attacks when another plugin/theme allowing low privilege users to modify such titles is active on the blog as well...
Shoplazza 1.1 Cross Site Scripting
Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage Blogs"...
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
Cross site request forgery (csrf)
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...