976 matches found
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
Sql injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
Sql injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...
Sql injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...
Sql injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...
CVE-2019-16692
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used...
CVE-2019-16695
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...
WordPress Advanced Custom Fields Plugin < 5.7.8 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113529";...
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
Cross site scripting
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
WordPress advanced-custom-fields plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. advanced-custom-fields is a field customization plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
CVE-2018-20986
The advanced-custom-fields aka Elliot Condon Advanced Custom Fields plugin before 5.7.8 for WordPress has XSS by authors...
CVE-2018-20986
The advanced-custom-fields aka Elliot Condon Advanced Custom Fields plugin before 5.7.8 for WordPress has XSS by authors...
CVE-2018-20986
The advanced-custom-fields aka Elliot Condon Advanced Custom Fields plugin before 5.7.8 for WordPress has XSS by authors...
Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Exploit Title: Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Dork: inurl:"index.php?option=comjsjobs" Date: 2019-08-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link:...
XSS in various templates of the Optimization plugin - CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
XSS in various templates of the Optimization plugin - CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
[20190701] - Core - Filter attribute in subform fields allows remote code execution
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...
HackerOne: Moving a report to a different program doesn't reassign the Custom Field Values
When a report is moved to a different program, all associated objects are either removed or copied to the new program. During an internal security review of the Custom Fields feature it was observed that this isn't the case for Custom Field Values. This means that even after a report has moved, t...