
3948 matches found

CNNVD
added 2023/10/27 12:0 a.m. · 4 views

flusity CMS Security Vulnerability

flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in Flusity CMS, which stems from the parameter menuid in the loadPostAddForm function of core/tools/posts.php that can lead to cross-site scripting...

4.8 CVSS · 6.5 AI score · 0.00523 EPSS
Exploits 1 · References 5
WPVulnDB
added 2023/10/27 12:0 a.m. · 15 views

Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection

Description: The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. PoC: Run the below command in the developer console of the web browser while being on the blog...

9.8 CVSS · 6.8 AI score · 0.01245 EPSS
Exploits 2 · Affected Software 1
wpexploit
added 2023/10/27 12:0 a.m. · 119 views

Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection

Description: The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. Run the below command in the developer console of the web browser while being on the blog...

9.8 CVSS · 7.1 AI score · 0.01245 EPSS
Exploits 2
OSV
added 2023/10/26 10:15 p.m. · 3 views

CVE-2023-43352

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component...

7.8 CVSS · 6.1 AI score · 0.00527 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2023/10/26 10:15 p.m. · 1 views

CVE-2023-43352

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component...

7.8 CVSS · 6.2 AI score · 0.00527 EPSS
Exploits 1 · References 3
NVD
added 2023/10/26 10:15 p.m. · 26 views

CVE-2023-43352

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component...

7.8 CVSS · 7.7 AI score · 0.00527 EPSS
Exploits 1 · References 2
Prion
added 2023/10/26 10:15 p.m. · 17 views

Design/Logic Flaw

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component...

4.4 CVSS · 7.7 AI score · 0.00527 EPSS
Exploits 1 · References 2
Patchstack
added 2023/10/26 12:0 a.m. · 10 views

WordPress Advanced Menu Widget Plugin <= 0.4.1 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Menu Widget · Type: Plugin · Vulnerable versions: = 0.4.1 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-5085 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: a872d4052846 · Credits: Lana Codes · Required...

6.4 CVSS · 5.7 AI score · 0.00352 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/10/26 12:0 a.m. · 13 views

CVE-2023-43352

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component...

7.5 AI score · 0.00527 EPSS
Exploits 1 · References 2
CNNVD
added 2023/10/26 12:0 a.m. · 2 views

CMS Made Simple Security Breach

CMS Made Simple (CMSMS) is an open source content management system (CMS) by the Cmsms team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple v.2.2.18, whi...

7.8 CVSS · 7.8 AI score · 0.00527 EPSS
Exploits 1 · References 4
Cvelist
added 2023/10/26 12:0 a.m. · 28 views

CVE-2023-43352

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component...

7.9 AI score · 0.00527 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/10/26 12:0 a.m. · 3 views

PT-2023-28797 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: An issue in the software allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. Recommendations: For CMSmadesimple version 2.2.18, update to a...

7.8 CVSS · 7.6 AI score · 0.00527 EPSS
Exploits 1 · References 6
OSV
added 2023/10/25 9:3 p.m. · 29 views

GHSA-V2RR-XW95-WCJX Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet

Impact: Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. As an advanced user, u...

8.8 CVSS · 9.5 AI score · 0.01621 EPSS
Exploits 1 · References 5
OSV
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-5085

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...

5.4 CVSS · 6.7 AI score · 0.00352 EPSS
Exploits 0 · References 2
OSV
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

5.4 CVSS · 6.1 AI score · 0.00544 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2023/10/25 6:17 p.m. · 2 views

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

5.4 CVSS · 6.2 AI score · 0.00544 EPSS
Exploits 1 · References 3
NVD
added 2023/10/25 6:17 p.m. · 22 views

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

5.4 CVSS · 5.6 AI score · 0.00544 EPSS
Exploits 1 · References 2
Prion
added 2023/10/25 6:17 p.m. · 18 views

Directory traversal

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system...

6.5 CVSS · 8.5 AI score · 0.01606 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/10/25 6:17 p.m. · 14 views

Cross site scripting

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

4.9 CVSS · 5.6 AI score · 0.00544 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/10/25 6:20 a.m. · 33 views

BIT-2023-44310

Stored cross-site scripting XSS vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text...

9 CVSS · 5.4 AI score · 0.00462 EPSS
Exploits 0 · References 1 · Affected Software 1