3941 matches found
PT-2026-5260
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation.This issue affects QR Menu: before s1.05.12...
PT-2026-5267
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
PT-2026-5266
Name of the Vulnerable Software and Affected Versions QR Menu Pro Smart Menu Systems Menu Panel versions through 29012026 Description An authorization bypass exists due to user-controlled key handling in the Menu Panel. This allows exploitation of trusted identifiers. The vendor was contacted...
QRMenümPro Menu Panel security vulnerabilities
QRMenümPro Menu Panel is a backend management panel for the intelligent menu system developed by the Turkish company QRMenümPro. The QRMenümPro Menu Panel versions dated 29012026 and earlier contained security vulnerabilities. These vulnerabilities were caused by user-controllable keys that allow...
QRMenümPro Menu Panel Authorization Issue Vulnerability
QRMenümPro Menu Panel is a backend management panel for the intelligent menu system developed by the Turkish company QRMenümPro. The QRMenümPro Menu Panel versions dated 29012026 and earlier had an authorization issue vulnerability. This vulnerability stemmed from session fixation, which could le...
CVE-2020-36993
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...
CVE-2020-36993
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...
CVE-2020-36993
CVE-2020-36993 affects LimeSurvey 4.3.10, with a stored cross-site scripting vulnerability in the Survey Menu of the admin panel. The issue allows attackers to inject SVG scripts via Surveymenu[title] and Surveymenu[parent_id], enabling execution of arbitrary JavaScript in administrative contexts...
CVE-2020-36993 LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...
CVE-2020-36993
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...
CVE-2020-36993 LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...
EUVD-2020-30901
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...
CVE-2026-1054
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...
CVE-2026-1054 RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...
EUVD-2026-4918
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...
WordPress Ivory Search plugin <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'menugcse' and 'nothingfoundtext' Parameters vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Ivory Search versions = 5.5.13...
PT-2026-5078
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...
PT-2026-5119
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparent id parameters to execute arbitrary JavaScript in administrative contexts...
LimeSurvey (PHPSurveyor) Cross-site Scripting Vulnerabilities
LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Version 4.3.10 of LimeSurvey PHPSurveyor has a cross-site scripting vulnerability...
WordPress eDS Responsive Menu plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin eDS Responsive Menu versions = 1.2...