Lucene search
+L

58 matches found

OSV
OSV
added 2023/03/13 5:15 p.m.5 views

CVE-2023-0219

The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...

5.4CVSS6.6AI score0.00507EPSS
Exploits2References1
Prion
Prion
added 2023/03/13 5:15 p.m.18 views

Cross site scripting

The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...

4.9CVSS5.2AI score0.00507EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/13 4:3 p.m.8 views

CVE-2023-0219 FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...

5.2AI score0.00507EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.7 views

PT-2023-16092 · WordPress · Fluentsmtp

Name of the Vulnerable Software and Affected Versions: FluentSMTP WordPress plugin versions prior to 2.2.3 Description: The issue arises from the plugin's failure to sanitize or escape email content, making it susceptible to stored cross-site scripting attacks XSS when an administrator views the...

5.4CVSS5.7AI score0.00507EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.8 views

WordPress Plugin FluentSMTP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS6.4AI score0.00507EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/02/20 12:0 a.m.16 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. PoC XSS Payload : Steps to reproduce: 1...

5.4CVSS5.4AI score0.00507EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/02/20 12:0 a.m.380 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. XSS Payload : Steps to reproduce: 1. Install...

5.4CVSS5.7AI score0.00507EPSS
Exploits2
Cvelist
Cvelist
added 2022/06/13 12:41 p.m.38 views

CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible

The Log WPMail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...

7.5AI score0.01394EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/04 3:15 a.m.4 views

CVE-2022-28055

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...

9.8CVSS5.9AI score0.01449EPSS
Exploits0References2
NVD
NVD
added 2022/05/04 3:15 a.m.19 views

CVE-2022-28055

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...

9.8CVSS0.01449EPSS
Exploits0References1
Prion
Prion
added 2022/05/04 3:15 a.m.23 views

Command injection

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...

7.5CVSS9.7AI score0.01449EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/05/04 2:49 a.m.78 views

CVE-2022-28055

FusionPBX v4.4 and earlier versions are affected by a command injection vulnerability in the Download Email Logs function. The CVE-2022-28055 entry is supported by multiple sources: Red Hat notes the issue in FusionPBX 4.4 and earlier; PT Security recommends upgrading to a version above 4.4; OSV,...

9.8CVSS9.7AI score0.01449EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/05/04 2:49 a.m.23 views

CVE-2022-28055

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...

9.9AI score0.01449EPSS
Exploits0References1
OSV
OSV
added 2022/05/04 2:49 a.m.11 views

CVE-2022-28055

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...

9.8CVSS7.5AI score0.01449EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/05/04 12:0 a.m.6 views

PT-2022-18782 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: Fusionpbx versions prior to 4.4 Description: The issue concerns a command injection vulnerability. This vulnerability can be exploited via the download email logs function. Recommendations: For Fusionpbx versions prior to 4.4, update to a...

9.8CVSS9.6AI score0.01449EPSS
Exploits0References3
Metasploit
Metasploit
added 2021/09/28 5:42 p.m.60 views

Incredimail Credential Gatherer

This module searches for Incredimail credentials on a Windows host. Module Options msf use post/windows/gather/credentials/incredimail msf postincredimail show actions ...actions... msf postincredimail set ACTION msf postincredimail show options ...show and set options... msf postincredimail run...

7.1AI score
Exploits0
CakePHP
CakePHP
added 2016/03/13 12:0 a.m.36 views

CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released

CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes These...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/08/17 12:0 a.m.26 views

barracudeHardcode.txt

Title: Barracuda Hardcoded Password Vulnerability Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 28 May 2006 Overview: Barracuda Sp...

7.4AI score
Exploits0
Rows per page
Query Builder