3946 matches found
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add New Project with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️♂️ Proof of Concept 1; Log in with a proper roled user 2; Add a new Project to the system at the /projects/showAll/ URI with the + New...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add "new board" with a malicious payload to any target, and upon opening the research menu, the XSS payload is being executed. 🕵️♂️ Proof of Concept 1; Log in with a proper roled user 2; Add a new board to the system at research menu on the left 3;...
WTCMS Cross-Site Scripting Vulnerability (CNVD-2021-69271)
WTCMS is a content management system (CMS) based on ThinkPHP. A cross-site scripting vulnerability exists in the link fields under the menu management module of the WTCMS backend. No detailed vulnerability details are provided at this time...
CVE-2020-20348
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module...
Cross site scripting
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module...
CVE-2020-20348
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module...
WTCMS Cross-Site Scripting Vulnerability
WTCMS is a content management system (CMS) based on ThinkPHP. A cross-site scripting vulnerability exists in the link fields under the menu management module of the WTCMS backend. No detailed vulnerability details are provided at this time...
CVE-2021-24580
The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue...
Sql injection
The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue...
CVE-2021-24580 Side Menu Lite < 2.2.6 - Authenticated SQL Injection
The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue...
CVE-2021-24580
CVE-2021-24580 refers to the WordPress plugin Side Menu Lite prior to 2.2.6, which has an authenticated SQL Injection flaw. The issue arises because the plugin does not sanitize user input from the List page in the admin dashboard before using it in a SQL statement, allowing an attacker with admi...
WordPress Plugin SQL Injection Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin Side Menu Lite before version 2.2.6 has a SQL injection vulnerability. The vulnerability stems from the plugin not validating and escaping the parameters of the SQL statement entered by the user in the List pag...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
✍️ Description pimcore is an Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce). This package is vulnerable to Stored XSS through the SEO menu 🕵️♂️ Proof of Concept 💥 Impact This vulnerability is capable of...
CVE-2020-18467
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2020-18469
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
CVE-2020-18467
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2020-18467
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
Citrix App Layering | Start Menu does not respond to left click on Windows 10 when template is published via Azure Connector
Start menu does not respond to left click for VDIs created from a template published via the Azure connector. The start menu may respond on first logon, but will always fail on second and subsequent logons. After logon we see the following events in the application event logs:...