138 matches found
WordPress plugin MD Custom content after or before of post 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
Mozilla: [ addons-preview-cdn.mozilla.net ] A subdomain takeover is available via unregistered domain in Fastly
The domain addons-preview-cdn.mozilla.net was found to CNAME resolve to addons.allizom.org, which was hosted on Fastly's service. The domain addons-preview-cdn.mozilla.net was not registered within Fastly, resulting in a "Fastly error: unknown domain" message. The vulnerability was demonstrated b...
CVE-2024-3956 Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-28531 · WordPress · The Pods – Custom Content Types/Fields
Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions up to, and including, 3.2.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Pod Form widget,...
HTML Injection
passbolt/passboltapi is vulnerable to HTML injection. The vulnerability is due to improper sanitization of URL parameters, resulting in custom content being displayed when a user visits the crafted URL...
CVE-2023-6999
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...
CVE-2023-47020
Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
CVE-2023-47020
Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
Cross site request forgery (csrf)
Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
CVE-2023-47020
Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
NCR Atleos Terminal Handler Cross-Site Request Forgery Vulnerability
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, increases business agility, and improves your competitive advantage. A cross-site request forgery vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1, which stems from a lack of...
PT-2024-13398 · Ncr · Ncr Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: The issue involves Multiple Cross-Site Request Forgery CSRF chaining, allowing an attacker to escalate privileges through a crafted request. This request involves user account creation and addin...
Popup Box Pro < 20.9.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...
CVE-2023-47024
Cross-Site Request Forgery CSRF in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...
CVE-2023-47024
Cross-Site Request Forgery CSRF in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...
Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. 1. Create a new PopUp Box within the plugi...
CVE-2023-23790
Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...
CVE-2023-23790 WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...