3948 matches found
WordPress Plugin Advanced Menu Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-5085 Advanced Menu Widget <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...
CVE-2023-5085
CVE-2023-5085 affects the WordPress plugin Advanced Menu Widget (versions
CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...
CVE-2022-38484
An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system...
PT-2023-28806 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. This enables the attacker to injec...
PT-2023-31682 · WordPress · Advanced Menu Widget
Name of the Vulnerable Software and Affected Versions: Advanced Menu Widget plugin for WordPress versions up to, and including, 0.4.1 Description: The issue is related to Stored Cross-Site Scripting via the 'advMenu' shortcode due to insufficient input sanitization and output escaping on...
CVE-2023-43360
CMS Made Simple 2.2.18 is affected by a Cross-Site Scripting vulnerability in the File Picker Menu’s Top Directory parameter. A local attacker can inject crafted scripts to gain arbitrary code execution within the CMS. Root cause: improper handling of user-supplied input in the Top Directory fiel...
CVE-2022-38484
An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system...
CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component...
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component...
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component...
Cross site scripting
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component...
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component...
CMS Made Simple Cross-Site Scripting Vulnerability
CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...
OpenSolution Quick CMS Cross-Site Scripting Vulnerability
OpenSolution Quick CMS is a free content management system organized by OpenSolution. A cross-site scripting vulnerability exists in OpenSolution Quick CMS v6.7, which stems from the lack of effective filtering and escaping of user-supplied data in the SEO - Meta description parameter of the Page...
CVE-2023-43358
CVE-2023-43358 is a Cross Site Scripting vulnerability in CMS Made Simple 2.2.18 affecting the News Menu component . The issue permits a local attacker to execute arbitrary code by crafting a script in the Title parameter. The NVD entry lists a medium base score (4.3–5.4 range depending on source...
PT-2023-28803 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. This enables the attacker to perform unauthorized...
CVE-2023-43346
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component...