
3948 matches found

CVE
added 2024/04/17 12:0 a.m. · 52 views

CVE-2024-32344

CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...

6.8 CVSS · 5.8 AI score · 0.00528 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/04/17 12:0 a.m. · 3 views

PT-2024-23690 · Htmly · Htmly

Name of the Vulnerable Software and Affected Versions: Htmly version 2.9.5. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of the Menu Editor module. Recommendations: For Htm...

6.1 CVSS · 5.6 AI score · 0.00404 EPSS
Exploits 1 · References 7
Vulnrichment
added 2024/04/17 12:0 a.m. · 13 views

CVE-2024-30953

A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

5.6 AI score · 0.00404 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/04/17 12:0 a.m. · 12 views

CVE-2024-32344

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...

5.8 AI score · 0.00528 EPSS
Exploits 1 · References 1
Cvelist
added 2024/04/17 12:0 a.m. · 17 views

CVE-2024-32340

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module...

5.7 AI score · 0.00711 EPSS
Exploits 1 · References 1
CVE
added 2024/04/17 12:0 a.m. · 53 views

CVE-2024-30953

CVE-2024-30953 is a stored XSS in Htmly v2.9.5, exploitable via a crafted payload injected into the Link Name parameter of the Menu Editor. Affected component: Menu Editor in Htmly 2.9.5; root cause is insufficient sanitization of the Link Name input, enabling arbitrary script execution in the vi...

6.1 CVSS · 5.6 AI score · 0.00404 EPSS
Exploits 1 · References 1 · Affected Software 1
Patchstack
added 2024/04/16 6:1 p.m. · 5 views

WordPress Navigation menu as dropdown Widget plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Navigation menu as Dropdown Widget versions <= 1.3.4...

5.9 CVSS · 6.1 AI score · 0.00342 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/04/16 2:53 p.m. · 4 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by wpdabh (Patchstack Alliance) in WordPress Plugin Restaurant Menu – Food Ordering System – Table Reservation versions <= 2.4.1...

6.5 CVSS · 6.1 AI score · 0.0032 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/04/16 6:26 a.m. · 5 views

WordPress Superfly Menu plugin <= 5.0.25 - Subscriber+ Site-Wide Stored Cross Site Scripting (XSS) vulnerability

Subscriber+ Site-Wide Stored Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Superfly Menu versions <= 5.0.25...

7.1 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/04/16 12:0 a.m. · 7 views

WordPress Superfly Menu Plugin <= 5.0.25 is vulnerable to Cross Site Scripting (XSS)

Software: Superfly Menu; Type: Plugin; Vulnerable versions: <= 5.0.25; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32553; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6079596969f5; Credits: Dave Jong (Patchstack); Required...

7.1 CVSS · 6.5 AI score · 0.00514 EPSS
Exploits 0 · References 1 · Affected Software 1
VulnCheck KEV
added 2024/04/16 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2024-32553

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in looksawesome Superfly Menu superfly-menu. This issue affects Superfly Menu: from n/a through <= 5.0.25...

7.1 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 0 · References 1
Patchstack
added 2024/04/16 12:0 a.m. · 9 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software: Restaurant Menu – Food Ordering System – Table Reservation; Type: Plugin; Vulnerable versions: <= 2.4.1; Fixed in: 2.4.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32579; Patch priority: Low; CVSS severity: Low 6.5; PSID: e783a9e89164...

6.5 CVSS · 6.6 AI score · 0.0032 EPSS
Exploits 0 · References 2 · Affected Software 1
wpexploit
added 2024/04/11 12:0 a.m. · 140 views

Float menu < 6.0.1 - Menu Deletion via CSRF

Description: The plugin does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete an arbitrary menu via a CSRF attack. Make a logged-in admin open a page with the code below; this will make them delete the menu with ID 1:...

6.8 AI score · 0.0028 EPSS
Exploits 2
WPVulnDB
added 2024/04/11 12:0 a.m. · 16 views

Float menu < 6.0.1 - Menu Deletion via CSRF

Description: The plugin does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete an arbitrary menu via a CSRF attack. PoC: Make a logged-in admin open a page with the code below; this will make them delete the menu with ID 1:...

6.7 AI score · 0.0028 EPSS
Exploits 2 · Affected Software 1
wpexploit
added 2024/04/11 12:0 a.m. · 127 views

Side Menu Lite < 4.2.1 - Menu Deletion via CSRF

Description: The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting buttons, via CSRF attacks. Make a logged-in admin open an HTML file where ID is a valid ID: action...

6.8 AI score · 0.0035 EPSS
Exploits 2
Positive Technologies
added 2024/04/09 12:0 a.m. · 3 views

PT-2024-21376 · WordPress · My Sticky Bar

Name of the Vulnerable Software and Affected Versions: The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin versions prior to 2.6.8. Description: The issue concerns a Stored Cross-Site Scripting attack that can be performed by...

4.8 CVSS · 4.8 AI score · 0.00315 EPSS
Exploits 2 · References 6
OSV
added 2024/04/01 3:16 p.m. · 2 views

CVE-2024-30866

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php...

5.4 CVSS · 5.8 AI score · 0.00349 EPSS
Exploits 1 · References 1
CNNVD
added 2024/04/01 12:0 a.m. · 3 views

NetentSec NS-ASG security vulnerability

NetentSec NS-ASG is an application security gateway from China NetentSec. A security vulnerability exists in NetentSec NS-ASG version 6.3, which originates from an SQL injection vulnerability in the /3g/menu.php file...

5.4 CVSS · 7.9 AI score · 0.00349 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/04/01 12:0 a.m. · 2 views

PT-2024-23644 · Netentsec · Netentsec Ns-Asg

Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3. Description: The issue is related to SQL Injection. It can be exploited via the "/3g/menu.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the "/3g/menu.php"...

5.4 CVSS · 7.3 AI score · 0.00349 EPSS
Exploits 1 · References 3
NVD
added 2024/03/28 6:15 a.m. · 16 views

CVE-2024-28003

Missing Authorization vulnerability in Megamenu Max Mega Menu. This issue affects Max Mega Menu: from n/a through 3.3...

5.4 CVSS · 5.5 AI score · 0.00324 EPSS
Exploits 0 · References 1