183 matches found
CVE-2024-49230
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS. This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4...
CVE-2024-49230 WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS. This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4...
WordPress plugin Ajax Custom CSS/JS cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2024-33367 · Unknown · Harpreet Singh Ajax Custom Css/Js
Name of the Vulnerable Software and Affected Versions: Harpreet Singh Ajax Custom CSS/JS versions n/a through 2.0.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS...
WordPress Ajax Custom CSS/JS Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: Ajax Custom CSS/JS; Type: Plugin; Vulnerable versions: <= 2.0.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49230; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: a0b3b7c24e3c; Credits: SOPROBRO; Required privilege...
WordPress plugin My Custom CSS PHP & ADS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
WordPress My Custom CSS PHP & ADS plugin <= 3.3 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin My Custom CSS PHP & ADS versions <= 3.3...
WordPress My Custom CSS PHP & ADS Plugin <= 3.3 is vulnerable to Sensitive Data Exposure
Software: My Custom CSS PHP & ADS; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-7410; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: ebd1338eee8c; Credits: stealthcopter; Required...
PT-2024-38326 · WordPress · My Custom Css Php & Ads
Name of the Vulnerable Software and Affected Versions: My Custom CSS PHP & ADS plugin for WordPress versions up to, and including, 3.3. Description: The issue is related to Full Path Disclosure, which occurs because the plugin does not prevent direct access to the...
SAP CRM Cross-Site Scripting Vulnerability (CNVD-2024-36347)
SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...
CVE-2024-37174
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application...
CVE-2024-37174 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application...
SAP CRM cross-site scripting vulnerability
SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...
CVE-2024-3249
CVE-2024-3249: The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks on import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings in all versions up to 1.6.2. Authenticated a...
WordPress Add Custom CSS and JS plugin <= 1.20 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Add Custom CSS and JS versions <= 1.20...
WordPress Add Custom CSS and JS Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Add Custom CSS and JS; Type: Plugin; Vulnerable versions: <= 1.20; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3903; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 22677f60c11f; Credits: Bob Matyas; Requir...
CVE-2024-3903
The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author and above add Stored XSS payloads via a CSRF attack...
WordPress plugin Add Custom CSS and JS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author and above add Stored XSS payloads via a CSRF attack. Make an author or above role open the following HTML: alert"frontendjs"' /...