Lucene search
K

138 matches found

CNNVD
CNNVD
added 2025/01/16 12:0 a.m.3 views

WordPress plugin MD Custom content after or before of post 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

7.1CVSS8.2AI score0.00197EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/09/08 1:13 a.m.9 views

Mozilla: [ addons-preview-cdn.mozilla.net ] A subdomain takeover is available via unregistered domain in Fastly

The domain addons-preview-cdn.mozilla.net was found to CNAME resolve to addons.allizom.org, which was hosted on Fastly's service. The domain addons-preview-cdn.mozilla.net was not registered within Fastly, resulting in a "Fastly error: unknown domain" message. The vulnerability was demonstrated b...

7AI score
Exploits0
Cvelist
Cvelist
added 2024/05/10 8:32 a.m.20 views

CVE-2024-3956 Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.5AI score0.00439EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.6 views

PT-2024-28531 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions up to, and including, 3.2.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Pod Form widget,...

5.4CVSS7.2AI score0.00439EPSS
Exploits0References6
Veracode
Veracode
added 2024/04/29 7:2 a.m.15 views

HTML Injection

passbolt/passboltapi is vulnerable to HTML injection. The vulnerability is due to improper sanitization of URL parameters, resulting in custom content being displayed when a user visits the crafted URL...

4.3CVSS6.9AI score0.00482EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/04/09 7:15 p.m.8 views

CVE-2023-6999

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...

8.8CVSS6AI score0.01291EPSS
Exploits0References3
NVD
NVD
added 2024/02/08 4:15 p.m.20 views

CVE-2023-47020

Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...

8.8CVSS8.7AI score0.00346EPSS
Exploits1References2
OSV
OSV
added 2024/02/08 4:15 p.m.9 views

CVE-2023-47020

Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...

8.8CVSS5.8AI score0.00346EPSS
Exploits1References2
Prion
Prion
added 2024/02/08 4:15 p.m.25 views

Cross site request forgery (csrf)

Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...

6.8CVSS7.5AI score0.00346EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/08 12:0 a.m.23 views

CVE-2023-47020

Multiple Cross-Site Request Forgery CSRF chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...

8.9AI score0.00346EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/08 12:0 a.m.7 views

NCR Atleos Terminal Handler Cross-Site Request Forgery Vulnerability

NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, increases business agility, and improves your competitive advantage. A cross-site request forgery vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1, which stems from a lack of...

8.8CVSS7AI score0.00346EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.11 views

PT-2024-13398 · Ncr · Ncr Terminal Handler

Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: The issue involves Multiple Cross-Site Request Forgery CSRF chaining, allowing an attacker to escalate privileges through a crafted request. This request involves user account creation and addin...

8.8CVSS7.8AI score0.00346EPSS
Exploits1References6
wpexploit
wpexploit
added 2024/01/22 12:0 a.m.142 views

Popup Box Pro < 20.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...

5.9AI score0.0048EPSS
Exploits3
NVD
NVD
added 2024/01/20 2:15 a.m.25 views

CVE-2023-47024

Cross-Site Request Forgery CSRF in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

8.8CVSS8.8AI score0.0025EPSS
Exploits0References2
OSV
OSV
added 2024/01/20 2:15 a.m.7 views

CVE-2023-47024

Cross-Site Request Forgery CSRF in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

8.8CVSS5.8AI score0.0025EPSS
Exploits0References2
Prion
Prion
added 2024/01/20 2:15 a.m.27 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

6.8CVSS7.4AI score0.0025EPSS
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.132 views

Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. 1. Create a new PopUp Box within the plugi...

4.8CVSS5.1AI score0.00402EPSS
Exploits2
NVD
NVD
added 2023/05/03 10:15 a.m.30 views

CVE-2023-23790

Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...

8.8CVSS7.6AI score0.00264EPSS
Exploits0References1
Prion
Prion
added 2023/05/03 10:15 a.m.25 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...

6.8CVSS8.7AI score0.00264EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/03 9:58 a.m.9 views

CVE-2023-23790 WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...

7.1CVSS7.2AI score0.00264EPSS
Exploits0References4
Rows per page
Query Builder