114 matches found
Cross site scripting
The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
HTML filter and csv-file search < 2.8 - Contributor+ Local File Inclusion
Description The plugin does not properly sanitize and validate the 'src' attribute of the 'csvsearch' shortcode, leading to a Local File Inclusion vulnerability...
CVE-2023-5099
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...
CVE-2023-5099
CVE-2023-5099 describes a Local File Inclusion vulnerability in the WordPress plugin HTML filter and csv-file search. Up to version 2.7, the plugin fails to sanitize the src attribute of the csvsearch shortcode, allowing authenticated users with contributor permissions or higher to include and e...
CVE-2023-5099 HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...
WordPress Plugin HTML filter and csv-file search security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress HTML filter and csv-file search Plugin <= 2.7 is vulnerable to Cross Site Scripting (XSS)
Software: HTML filter and csv-file search; Type: Plugin; Vulnerable versions: <= 2.7; Fixed in: 2.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5096; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 370de6af1adf; Credits: Alex Thomas...
WordPress HTML filter and csv-file search Plugin <= 2.7 is vulnerable to Local File Inclusion
Software: HTML filter and csv-file search; Type: Plugin; Vulnerable versions: <= 2.7; Fixed in: 2.8; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-5099; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 9f90341966c7; Credits: Alex Thomas; Required privilege...
findutils bug fix update
An update is available for findutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The findutils packages contain programs to locate files on the system. The...
CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file ...
App1pro Shopicial Cross-Site Scripting Vulnerability
App1pro Shopicial is a social forum software from App1pro, Inc. App1pro Shopicial suffers from a cross-site scripting vulnerability that stems from the presence of unknown code in file search that results in cross-site scripting...
PT-2023-31382 · Unknown · App1Pro Shopicial
Name of the Vulnerable Software and Affected Versions: app1pro Shopicial versions up to 20230830 Description: A problem has been found in the file search code, allowing for cross-site scripting through the manipulation of the with argument and input like comments'". This issue can be exploited...
PT-2023-26954 · Unknown · Phpscriptpoint Lawyer
Name of the Vulnerable Software and Affected Versions: phpscriptpoint Lawyer version 1.6 Description: A vulnerability was found in the file search.php, which can lead to cross site scripting. The manipulation can be initiated remotely. The vendor was contacted about this disclosure but did not...
Insurance Cross-Site Scripting Vulnerability
Insurance is a responsive business and insurance related web content management system (CMS) from the phpscriptpoint team. A cross-site scripting vulnerability exists in Insurance version 1.2, which stems from the inclusion of unknown functions in the file search.php, resulting in cross-site...
SUSE CVE-2018-18398
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...
Concrete CMS: Stored XSS in the file search filter
1. Download Concrete5 8.5.2 and install it 2. Log into your Concrete5 instance as admin 3. Go to Dashboard Files Search 4. In the file search bar, click Advanced 5. In the window that appears, enter a phrase and click the save button, paste the following payload: and click the save button 6. In the...
Commands and Tools for Embedded Reverse Engineering
We’ve been training a lot of people to look at embedded systems. The training is intensive, and it can be hard to remember all the commands and tools used. This is just a quick rundown of those tools with enough information to jog your memory! Basic Commands If we want to see the content of a fil...
UBUNTU-CVE-2018-18398
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...
PuTTY Portable Detection (Windows SMB Login)
SMB login and WMI file search based detection of PuTTY Portable. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Thunderbird Portable Detection (Windows SMB Login)
SMB login and WMI file search based detection of Mozilla Thunderbird Portable. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...