
3946 matches found

CNNVD
added 2021/08/26 12:00 a.m., 2 views

spring-boot-admin Cross-Site Scripting Vulnerability

spring-boot-admin is an open source backend management system based on Spring Boot and MyBatis, with user management, menu management and role management (3 functions), and permission control down to the button level. spring-boot-admin has a security vulnerability that can be exploited by attackers to...

CVSS 5.4, AI score 6.2, EPSS 0.00475
Exploits 1, References 2
NVD
added 2021/08/25 8:15 p.m., 16 views

CVE-2020-18065

Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu...

CVSS 5.4, EPSS 0.00516
Exploits 1, References 1
Cvelist
added 2021/08/25 7:17 p.m., 10 views

CVE-2020-18065

Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu...

AI score 5.3, EPSS 0.00516
Exploits 1, References 1
CNNVD
added 2021/08/19 12:00 a.m., 4 views

WordPress WP Cerber Security Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress WP Cerber prior to version 8.9.3, which stems from a...

CVSS 5.3, AI score 5.8, EPSS 0.02369
Exploits 1, References 2
CNNVD
added 2021/08/18 12:00 a.m., 4 views

D-Link DAP-2020 Security Vulnerability

The D-Link DAP-2020 is a wireless N access point. The D-Link DAP-2020 is vulnerable to a stack buffer overflow caused by incorrect boundary checking of the var:menu parameter in the webproc endpoint, which could be exploited by an attacker to cause a buffer overflow and execute...

CVSS 8.8, AI score 6.7, EPSS 0.00794
Exploits 0, References 4
CNVD
added 2021/08/11 12:00 a.m., 16 views

WordPress SQL Injection Vulnerability (CNVD-2021-61432)

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Side Menu Lite – add sticky fixed buttons is vulnerable to a SQL injection vulnerability...

CVSS 7.2, AI score 3, EPSS 0.01587
Exploits 2, References 1
Github Security Blog
added 2021/08/09 8:38 p.m., 46 views

Cross Site Scripting in LavaLite CMS

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

CVSS 4.8, AI score 5.1, EPSS 0.00624
Exploits 1, References 3, Affected Software 1
OSV
added 2021/08/09 8:38 p.m., 16 views

GHSA-V2F3-F8X4-M3W8 Cross Site Scripting in LavaLite CMS

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

CVSS 4.8, AI score 4.8, EPSS 0.00624
Exploits 1, References 2
OSV
added 2021/08/09 10:15 a.m., 3 views

CVE-2021-24521

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...

CVSS 7.2, AI score 7.1, EPSS 0.01587
Exploits 2, References 2
NVD
added 2021/08/09 10:15 a.m., 7 views

CVE-2021-24521

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...

CVSS 7.2, EPSS 0.01587
Exploits 2, References 2
Prion
added 2021/08/09 10:15 a.m., 8 views

SQL injection

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...

CVSS 6.5, AI score 7.3, EPSS 0.01587
Exploits 2, References 2, Affected Software 1
Cvelist
added 2021/08/09 10:04 a.m., 12 views

CVE-2021-24521 Side Menu Lite < 2.2.1 - Authenticated SQL Injection

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...

AI score 7.6, EPSS 0.01587
Exploits 2, References 2
CVE
added 2021/08/09 10:04 a.m., 52 views

CVE-2021-24521

The CVE-2021-24521 entry concerns the WordPress plugin Side Menu Lite (before version 2.2.1). Connected sources confirm an authenticated SQL injection vulnerability due to improper input sanitization when constructing SQL statements. Impact is limited to privileged users (administrator or those m...

CVSS 7.2, AI score 7.3, EPSS 0.01587
Exploits 2, References 2, Affected Software 1
Patchstack
added 2021/08/09 12:00 a.m., 10 views

WordPress WP Mobile Menu plugin <= 2.8.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress WP Mobile Menu plugin versions <= 2.8.2.2. Solution: Update the WordPress WP Mobile Menu plugin to the latest available version (at least 2.8.2.3)...

AI score 2
Exploits 0, References 2, Affected Software 1
Patchstack
added 2021/08/09 12:00 a.m., 8 views

WordPress Stars Menu plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Stars Menu plugin versions <= 1.0.1. Solution: 2021-08-27 - no patched version available...

AI score 2.2
Exploits 0, References 2, Affected Software 1
CNNVD
added 2021/08/09 12:00 a.m., 2 views

WordPress SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Side Menu Lite – add sticky fixed buttons is vulnerable to a SQL injection vulnerability...

CVSS 7.2, AI score 6, EPSS 0.01587
Exploits 2, References 3
NVD
added 2021/08/04 1:15 p.m., 28 views

CVE-2021-33336

Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the comliferayjournalwebportletJournalPortletnam...

CVSS 5.4, EPSS 0.00678
Exploits 0, References 2
Huntr
added 2021/08/04 9:52 a.m., 12 views

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

Description: An attacker is able to modify any menu with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...

AI score 1.1
Exploits 0
Prion
added 2021/08/03 7:15 p.m., 12 views

Cross site scripting

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated HTTP POST request to admin/config and inject arbitrary web script or HTML through a special website...

CVSS 4.3, AI score 5.9, EPSS 0.00931
Exploits 1, References 1, Affected Software 1
Citrix
added 2021/07/29 12:00 a.m., 6 views

How to Customize App Shortcuts with Receiver for Windows

As a Receiver administrator, you can configure Receiver for Windows 4.2.100 to automatically place application and desktop shortcuts directly in the Start menu or on the desktop in a similar way that Receiver for Windows 3.4 Enterprise places them. The new shortcut only mode provides a seamless...

AI score 6.7
Exploits 0