15 matches found

OSV
added 2026/02/18 10:7 p.m. | 2 views

GHSA-GQX7-99JW-6FPR LibreNMS affected by reflected xss via email field

Summary: reflected XSS via email field. Details: 1. Visit http://127.0.0.1/settings/alerting/email 2. In the email address input, put this payload 3. Notice the alert. PoC: video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact: can lead t...

CVSS 5.3 | AI score 5.5 | EPSS 0.00001
Exploits: 1 | References: 6

RedhatCVE
added 2025/12/05 1:33 p.m. | 4 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 9.8 | AI score 4.7 | EPSS 0.00064
Exploits: 1 | References: 1

OSV
added 2025/12/04 2:16 p.m. | 0 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 9.8 | AI score 5.3 | EPSS 0.00064
Exploits: 1 | References: 4

NVD
added 2025/12/04 2:16 p.m. | 3 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 9.8 | EPSS 0.00064
Exploits: 1 | References: 4

EUVD
added 2025/12/04 1:32 p.m. | 2 views

EUVD-2025-201162

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 5.8 | AI score 4.6 | EPSS 0.00064
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/04 1:32 p.m. | 1 view

CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 5.8 | AI score 4.7 | EPSS 0.00064
Exploits: 1 | References: 4

ATTACKERKB
added 2025/12/04 1:32 p.m. | 2 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 9.8 | AI score 5 | EPSS 0.00064
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/04 1:32 p.m. | 21 views

CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 5.8 | EPSS 0.00064
Exploits: 1 | References: 4

CVE
added 2025/12/04 1:32 p.m. | 4 views

CVE-2025-14004

Dayrui XunRuiCMS is affected up to version 4.7.1. The vulnerability lies in the Email Setting Handler component, specifically the file /admind45f74adbd95.php?c=email&m=add, where manipulation enables server-side request forgery. Remote exploitation is possible and exploits have been released publ...

CVSS 9.8 | AI score 4.7 | EPSS 0.00064
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/12/04 12:0 a.m. | 4 views

PT-2025-49022

Name of the Vulnerable Software and Affected Versions XunRuiCMS versions up to 4.7.1 Description A security flaw exists in XunRuiCMS, specifically within the Email Setting Handler component. The issue involves server-side request forgery, potentially allowing remote exploitation. The flaw is...

CVSS 9.8 | AI score 4.5 | EPSS 0.00064
Exploits: 1 | References: 9

CNNVD
added 2025/12/04 12:0 a.m. | 2 views

xunruicms code issue vulnerability

xunruicms is a website builder framework for XunRuiCMS individual developers. A code issue vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the component Email Setting Handler in the file /admind45f74adbd95.php, which can lead to server-side...

CVSS 9.8 | AI score 5 | EPSS 0.00064
Exploits: 1 | References: 4

RedhatCVE
added 2025/10/23 6:19 a.m. | 2 views

CVE-2025-10651

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...

CVSS 5.5 | AI score 5 | EPSS 0.00028
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:58 a.m. | 6 views

CVE-2022-46150

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...

CVSS 4.3 | AI score 6.6 | EPSS 0.00263
Exploits: 0 | References: 1

wpexploit
added 2021/10/11 12:0 a.m. | 490 views

Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1. When creating a new Question Pot, you can inject ...

CVSS 4.8 | AI score 0.1 | EPSS 0.00206
Exploits: 2

OSV
added 2021/08/02 11:15 a.m. | 0 views

CVE-2021-24478

The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...

CVSS 5.4 | AI score 5.8 | EPSS 0.00368
Exploits: 2 | References: 1