193 matches found
SUSE CVE-2006-6077
The 1 Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the 2 Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...
VulnCheck KEV: CVE-2021-24183
The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...
Newspaper < 12 - Reflected Cross-Site Scripting
Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. " / document.forms0.submit;...
Fast Flow < 1.2.12 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting ' https://example.com/wp-admin/admin.php?page=fast-flow&p="...
Name Directory < 1.25.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well alert/XSS/" /...
Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting ' /...
Donate Extra <= 2.02 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting ' document.form1.submit;...
Menubar < 5.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting " /...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
Input validation
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26156
CVE-2022-26156 affects Cherwell Service Management (CSM) web application, version 10.2.3. The issue is an injection of a malicious payload into the RelayState= parameter of the HTTP request body, causing form-action hijacking by altering the form submission URL to an attacker-controlled endpoint....
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
Cherwell Service Management 输入验证错误漏洞
Cherwell Service Management is flexible, feature-rich ITSM software that is easy to use, configure and maintain. An input validation error vulnerability exists in Cherwell Service Management because the product does not validate special characters in data corresponding to the RelayState parameter...
Cross-Site Scripting (XSS)
phpmyadmin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of escape of the config-form's action attribute...
Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting
The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...
Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
The plugin does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored...
Email Tracker < 5.2.6 - Reflected Cross-Site Scripting
The plugin does not escape user input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...
Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF
The plugin does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack csrf.submit...