21 matches found
PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. id: CVE-2023-40752 info: name: PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...
CVE-2023-40752
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
EUVD-2023-45305
Malicious code in bioql PyPI...
EUVD-2024-23156
Malicious code in bioql PyPI...
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...
SQL injection
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...
CVE-2024-25849
CVE-2024-25849 affects PrestaToolKit Make an offer module for PrestaShop (version ≤ 1.7.1). The vulnerability is a SQL injection in guest-accessible flows via MakeOffers::checkUserExistingOffer() and MakeOffers::addUserOffer(), leading to potential unauthorized data access or modification. Affect...
CVE-2023-40767
User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40767
User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40752
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
CVE-2023-40752
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
Cross site scripting
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
CVE-2023-40752
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
CVE-2023-40767
User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40767
User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40752
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
PT-2023-27617 · Phpjabbers · Phpjabbers Make An Offer Widget
Name of the Vulnerable Software and Affected Versions: PHPJabbers Make an Offer Widget version 1.0 Description: There is a Cross Site Scripting XSS issue in the action parameter of the "index.php" file. This allows for potential malicious script execution. Recommendations: For PHPJabbers Make an...
CVE-2023-40767
CVE-2023-40767 affects PHPJabbers Make an Offer Widget v1.0. The issue is user enumeration during password recovery: messages differ between valid and invalid usernames, enabling brute-forcing with valid users. Base CVSS 3.1: 9.8 (Network, High impact on confidentiality, integrity, availability)....