Lucene search
K

142 matches found

OSV
OSV
added 2024/06/25 12:32 p.m.8 views

MAL-2024-1965 Malicious code in ccp-login-url-helper (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
NVD
NVD
added 2024/04/17 9:15 p.m.17 views

CVE-2024-32337

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module...

6.1CVSS5.6AI score0.00426EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.5 views

PT-2024-24515 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Securi...

6.1CVSS6AI score0.00426EPSS
Exploits1References7
CVE
CVE
added 2024/04/17 12:0 a.m.69 views

CVE-2024-32337

WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, allowing an attacker to inject arbitrary script or HTML via a crafted payload in the ADMIN LOGIN URL parameter under the Security module. The CVE is CVE-2024-32337. Affected component: Settings → S...

6.1CVSS5.8AI score0.00426EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/02/05 10:16 p.m.4 views

CVE-2024-0586

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escapi...

5.4CVSS7.4AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.4 views

PT-2024-15667 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.4 Description: The issue is related to Stored Cross-Site Scripting via the Login/Register Element due to insufficient input sanitization and output...

6.5CVSS5.6AI score0.00402EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.16 views

Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scritping

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with...

6.5CVSS5.9AI score0.00402EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/28 12:0 a.m.6 views

The vulnerability affects the implementation of the Security Assertion Markup Language (SAML) standard for single-sign-on (SSO) authentication mechanisms in microprogramming-based network interfaces of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD). This allows attackers to bypass the authentication process.

The vulnerability of the SAML authentication mechanism implemented in microprogramming systems for Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to deficiencies in access control due to incorrect verification of URL addresses for login. Exploiting this...

6.4CVSS6.3AI score0.00377EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2023/11/01 6:15 p.m.27 views

CVE-2023-20264

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References1
Prion
Prion
added 2023/11/01 6:15 p.m.25 views

Input validation

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...

5.8CVSS6.3AI score0.00377EPSS
Exploits0References1Affected Software2
Cisco
Cisco
added 2023/11/01 4:0 p.m.25 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SAML Assertion Hijack Vulnerability

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.6 views

PT-2023-25415 · WordPress · Change Wp Admin Login

Name of the Vulnerable Software and Affected Versions: Change WP Admin Login WordPress plugin versions prior to 1.1.4 Description: The issue allows an attacker to disclose the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. Recommendations: For version...

7.5CVSS9.4AI score0.00692EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/12/22 12:0 a.m.4 views

Mozilla VPN 授权问题漏洞

Mozilla VPN is an open source virtual private network web browser extension, desktop application and mobile application from the US-based Mozilla Foundation. A security vulnerability in Mozilla VPN iOS before 1.0.7929, Mozilla VPN Windows before 1.2.2, and Mozilla VPN Android before 1.1.01360 ste...

7.6CVSS7.3AI score0.00469EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 p.m.7 views

CVE-2022-1732

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00531EPSS
Exploits2References2
OSV
OSV
added 2022/07/11 1:15 p.m.3 views

CVE-2022-1732

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00531EPSS
Exploits2References1
NVD
NVD
added 2022/07/11 1:15 p.m.16 views

CVE-2022-1732

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS0.00531EPSS
Exploits2References1
OSV
OSV
added 2022/06/24 9:15 p.m.2 views

CVE-2022-33122

A stored cross-site scripting XSS vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page...

4.8CVSS5.9AI score0.00462EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.23 views

WordPress HC Custom WP-Admin URL plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS4.5AI score0.00412EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.5 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5.3CVSS6AI score0.02621EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.4 views

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

4.3CVSS5.8AI score0.00412EPSS
Exploits2References2
Rows per page
Query Builder