2125 matches found
CVE-2020-24061
Cross Site Scripting (XSS) vulnerability in the Firewall menu in the Control Panel of KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script...
GHSA-28H4-788G-RH42 Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Summary: Multiple stored XSS can be triggered by the breadcrumb list and title fields with user input. Details: 1. In the /admin/categories page, the category title isn't sanitized and triggers XSS. 2. In the category edit page under /admin/categories/, the category title in the breadcrumb list isn't...
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Summary: Multiple stored XSS can be triggered by the breadcrumb list and title fields with user input. Details: 1. In the /admin/categories page, the category title isn't sanitized and triggers XSS. 2. In the category edit page under /admin/categories/, the category title in the breadcrumb list isn't...
File Management System 1.0 Insecure Direct Object Reference
Title: File Management System 1.0 IDOR Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 128.0.3 64 bits...
VDA 2402 LTSR Features are not shown as installed when you attempt to change the VDA installation
You may not see the features below selected or installed after you attempt to change or modify the VDA installation from Control Panel: Use Windows Remote Assistance; Use Real-Time Audio Transport; Use Screen Sharing; Is this VDA installed on VM in the Cloud...
Online Bus Ticketing 1.0 Insecure Direct Object Reference
Title: Online Bus Ticketing v1.0 IDOR Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 128.0.3 64 bits...
CVE-2024-43218
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel (mediavine-control-panel). This issue affects Mediavine Control Panel: from n/a through <= 2.10.4...
CVE-2024-43218
Stored XSS in Mediavine Control Panel (CVE-2024-43218) affects versions up to 2.10.4 and is mitigated by the patch. Exploitation requires an authenticated user and input handling that is not neutralized. No exploitation details provided beyond the noted patch status.
CVE-2024-43218 WordPress Mediavine Control Panel plugin <= 2.10.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel (mediavine-control-panel). This issue affects Mediavine Control Panel: from n/a through <= 2.10.4...
WordPress plugin Mediavine Control Panel cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-30381 · Mediavine · Mediavine Control Panel
Name of the Vulnerable Software and Affected Versions: Mediavine Control Panel versions through 2.10.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in the Mediavine Control Pane...
WordPress Mediavine Control Panel plugin <= 2.10.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Mediavine Control Panel versions <= 2.10.4...
WordPress Mediavine Control Panel Plugin <= 2.10.4 is vulnerable to Cross Site Scripting (XSS)
Software: Mediavine Control Panel; Type: Plugin; Vulnerable versions: <= 2.10.4; Fixed in: 2.10.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43218; Patch priority: Low; CVSS severity: Low (6.5); Developer: Mediavine; PSID: 447650b29419; Credits: LVT-tholv2k; Required privilege...
The vulnerability of the User Information Handler component in the control panel of the software platform for integrating IBM App Connect Enterprise applications allows a perpetrator to obtain confidential calendar information using an access token with expired validity.
The vulnerability of the User Information Handler component in the software control panel for IBM App Connect Enterprise integration is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential...
Panasonic WV-S2231L Camera Denial of Service (CVE-2020-29194)
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel which will require a physical reset to restore administrative control via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/setfactory URI. This plugin only works with Tenable.ot. Pleas...
KLA71014 PE vulnerabilities in Microsoft Apps
Elevation of privilege vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories: CVE-2024-38176, CVE-2024-38164. CVE list: CVE-2024-38176 (high), CVE-2024-38164 (critical). Solution: Install necessary updates from the KB section,...
CVE-2024-39911
CVE-2024-39911 affects 1Panel, a web-based Linux server management control panel. The issue is an unspecified SQL injection via User-Agent handling that can impact confidentiality, integrity, and availability. Red Hat and other sources corroborate the same description and note the fix in version ...
CVE-2024-39911 1Panel SQL injection
1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...
Essential Features of Cybersecurity Management Software for MSPs
By Uzair Amir. Protect your clients' businesses from cyber threats with Cybersecurity Management Software. Explore the unified control panel, real-time threat… This is a post from HackRead.com. Read the original post: Essential Features of Cybersecurity Management Software for MSPs...