976 matches found
A vulnerability in app/admin/custom-fields/edit.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/custom-fields/edit.php of phpipam, a web application for managing IP addresses, is caused by a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
A vulnerability in app/admin/custom-fields/filter-result.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/custom-fields/filter-result.php of phpipam, a web application for managing IP addresses, is caused by a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
A vulnerability in app/admin/custom-fields/filter.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/custom-fields/filter.php of phpipam, a web application for managing IP addresses, is caused by a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
A vulnerability in app/admin/custom-fields/order.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/custom-fields/order.php of phpipam, a web application for managing IP addresses, is caused by a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries...
Vik Rent Car < 1.1.7 - CSRF to Stored XSS
In the plugin, there is a custom field option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also ...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-44307)
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin Advanced Custom Fields Pro versions...
WordPress Advanced Custom Fields Pro Plugin < 5.9.1 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.112887");...
HackerOne: Stored XSS in IE11 on hackerone.com via custom fields
Hi there, I found stored XSS via Custom Fields F1275694 F1275691 POC: F1275692 Impact: The attacker can use this issue to execute malicious script code in the victim user's browser and also redirect the victim user to malicious sites...
CVE-2021-24241
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin Advanced Custom Fields Pro versions...
U.S. Dept Of Defense: Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. Impact...
WordPress Advanced Custom Fields PRO plugin <= 5.9.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Juan David Ordoñez Noriega in WordPress Advanced Custom Fields PRO plugin versions <= 5.9.0. Solution: Update the WordPress Advanced Custom Fields PRO plugin to the latest available version (at least 5.9.1)...
HackerOne: Hackers can reveal the names of private programs that have an external link and Enterprise Product Edition
Summary: Hi team, a few days ago, your engineers revealed a field in the report - Custom fields. The team removed it after a while, but did not remove the design line Custom fields Available only for Enterprise Product Edition. Therefore, the sandbox program cannot independently accept this versi...
CVE-2020-36237
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0...
Mail.ru: REST API Endpoint leads to Unauthorized user disclosed private [ issue ] details
Summary: Jira allows an administrator to restrict access to projects to specific users only. Or adjusting all project properties to be available only to the system administrator, which means that all users in the jira account cannot access issues, project, dashboard and any information about the...
CVE-2020-36172
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS...
Cross site scripting
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS...