WordPress Advance Menu Manager plugin <= 3.0.1 - Unauthorized Menu Creation/Deletion vulnerability
Unauthorized Menu Creation/Deletion vulnerability discovered by WPScanTeam in WordPress Advance Menu Manager plugin versions <= 3.0.1. Solution: Update the WordPress Advance Menu Manager plugin to the latest available version (at least 3.0.2)...
Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF
The plugin does not properly check for CSRF in its ammsaveexistingmenu function, allowing attackers to make logged in high privilege users edit menus via a CSRF attack PoC...
Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF
The plugin does not properly check for CSRF in its ammsaveexistingmenu function, allowing attackers to make logged in high privilege users edit menus via a CSRF attack...
WordPress Advance Menu Manager plugin <= 2.9.6 - Unauthorized Menu Edition via Cross-Site Request Forgery (CSRF) vulnerability
Unauthorized Menu Edition via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress Advance Menu Manager plugin versions <= 2.9.6. Solution: Update the WordPress Advance Menu Manager plugin to the latest available version (at least 3.0)...
Cross Site Scripting (XSS)
lavalite/cms is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script via Menu Links feature...
LavaLite Cross-Site Scripting Vulnerability (CNVD-2021-50080)
Lavalite is an open source content management system developed using the Laravel framework. A cross-site scripting vulnerability exists in LavaLite version 5.8.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the "menu link" feature...
CVE-2020-23700
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature...
CVE-2020-23700
CVE-2020-23700 affects LavaLite-CMS 5.8.0, with a Cross-Site Scripting (XSS) vulnerability exposed via the Menu Links feature. The issue is documented across multiple feeds (NVD, Red Hat advisory, OSV, GHSA, CNVD, Veracode, etc.), consistently describing user-controllable script execution through...
LavaLite Cross-Site Scripting Vulnerability
Lavalite is an open source content management system developed using the Laravel framework. A cross-site scripting vulnerability exists in LavaLite version 5.8.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the "menu link" feature...
EulerOS Virtualization 3.0.2.2 : grub2 (EulerOS-SA-2021-2126)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any...
Unspecified vulnerability in Weidmueller Industrial WLAN devices
Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. A security vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause an escape from a restricted console via a specially crafted menu selection string, resulting ...
Side Menu Lite < 2.2.1 - Authenticated SQL Injection
The plugin does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack. PoC http://www.example.com/wp-admin/admin.php?page=side-menu-lite=add-new=duplicate=0...
Side Menu Lite < 2.2.1 - Authenticated SQL Injection
The plugin does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...
Exploit for Unrestricted Upload of File with Dangerous Type in Seeddms
CVE-2019-12744 Information Exploit Title: Remote Command...
CVE-2021-25655
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 without hotfix and 8.0.0 without hotfix...
Sql injection
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 without hotfix and 8.0.0 without hotfix...