CVE-2022-3999 WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable...

IIS modules: The evolution of web shells and how to detect them

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...

SENS 代码问题漏洞

SENS is an enterprise blog system by saysky individual developer. A code issue vulnerability exists in SENS v1.0, which stems from the presence of a file upload vulnerability...

CVE-2022-4400

A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-21526...

Cross site scripting

A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-21526...

CVE-2022-4400 zbl1996 FS-Blog Title cross site scripting

A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-21526...

FS-Blog 跨站脚本漏洞

FS-Blog is a personal blog based on Spring Boot by the individual developer of zbl1996. A security vulnerability exists in FS-Blog. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

CVE-2022-4400

CVE-2022-4400 affects the zbl1996 FS-Blog Title Handler. The vulnerability stems from an issue in the Title Handler’s processing that enables cross-site scripting (XSS). Exploitation could be remote. Documents consistently describe XSS impact but do not provide concrete patch versions or remediat...

CVE-2022-4400 zbl1996 FS-Blog Title cross site scripting

A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-21526...

CVE-2022-4397

A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

CVE-2022-4397

A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

Cross site request forgery (csrf)

A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

CVE-2022-4397 morontt zend-blog-number-2 Comment Comment.php cross-site request forgery

A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

Zend-blog-2 跨站请求伪造漏洞

Zend-blog-2 is a framework blog by Alexander Harchenko personal developer. A security vulnerability exists in Zend-blog-2. An attacker can exploit this vulnerability to perform cross-site request forgery attacks...

CVE-2022-4397

The CVE-2022-4397 entry concerns morontt zend-blog-number-2, where a vulnerability in the Comment Handler (file application/forms/Comment.php) allows cross-site request forgery. The issue arises from a manipulation of an unknown function in that file, with remote execution of the CSRF attack poss...

CVE-2022-4397 morontt zend-blog-number-2 Comment Comment.php cross-site request forgery

A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

PT-2022-27050 · Unknown · Morontt Zend-Blog-Number-2

Name of the Vulnerable Software and Affected Versions: morontt zend-blog-number-2 affected versions not specified Description: A vulnerability was found in the component Comment Handler, specifically in the file application/forms/Comment.php. The manipulation leads to cross-site request forgery. ...

An Overview of MS-RPC and Its Security Mechanisms

MS-RPC is a widely used protocol, but not much security research is done on it. In this blog, see an overview of MS-RPC and their security mechanisms...

CVE-2022-4354

A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has be...

pb-cms 跨站脚本漏洞

pb-cms is a content management system by LinZhaoguan Personal Developer. A security vulnerability exists in version 2.0 of pb-cms, which originates from some unknown functions in the /blog/comment file of its Message Board component, allowing an attacker to implement cross-site scripting. The...