3948 matches found
CVE-2024-30953
A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
CVE-2022-41698
Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3...
CVE-2022-41698 WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control
Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3...
CVE-2022-41698 WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control
Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3...
CVE-2022-41698
This CVE concerns WordPress plugin If Menu (Visibility control for Menus). A Missing Authorization vulnerability leads to Broken Access Control in versions ≤ 0.16.3, allowing unauthenticated actors to modify plugin settings. The issue is resolved in version 0.17.0. Affected product: If Menu; root...
CVE-2024-32345
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...
CVE-2024-32340
A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module...
CVE-2024-32746
A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module...
CVE-2024-30953
A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
CMSimple 安全漏洞
CMSimple is a free content management system. A security vulnerability exists in CMSimple v5.15, which stems from a cross-site scripting XSS vulnerability in the Settings menu. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code by injecting a payload into the...
CMSimple 安全漏洞
CMSimple is a free content management system. A security vulnerability exists in CMSimple v5.15, which stems from a cross-site scripting XSS vulnerability in the Settings menu. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code by injecting a payload into the...
WonderCMS 安全漏洞
WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the MENU parameter of the Settings section, and can be exploited by an...
WordPress Plugin If Menu 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-24824 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module...
CVE-2024-32746
A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module...
PT-2024-24523 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
PT-2024-24524 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language...
CVE-2024-32746
CVE-2024-32746 describes an XSS vulnerability in WonderCMS v3.4.3 within the Settings section, exploitable via a crafted payload injected into the MENU parameter under the Menu module. Affected software is WonderCMS 3.4.3; impact is arbitrary script/HTML execution in the user’s browser. Core deta...
PT-2024-24519 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu...
CVE-2024-32345
CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...