172 matches found
WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Category SEO Meta Tags Type Plugin Vulnerable versions = 2.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46618 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c59090fd2bb0 Credits LEE SE HYOUNG...
WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Software Category SEO Meta Tags Type Plugin Vulnerable versions = 2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46091 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4500a2d3e3df Credits LEE SE HYOUNG...
CVE-2023-43874
Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
CVE-2023-43874
Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
PT-2023-29019 · E017 Cms · E017 Cms
Name of the Vulnerable Software and Affected Versions: e017 CMS version 2.3.2 Description: A Cross Site Scripting XSS issue allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. This enables the attacker to perfor...
CVE-2021-4426
The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...
CVE-2021-4421
The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metaboxpopupsave function. This makes it possible for unauthenticated attackers to save meta tags via a forged...
Cross site request forgery (csrf)
The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metaboxpopupsave function. This makes it possible for unauthenticated attackers to save meta tags via a forged...
WordPress Plugin Advanced Popups 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
SUSE CVE-2018-5118
The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...
Hundredrabbits Left 跨站脚本漏洞
Hundredrabbits Left is a non-intrusive plain text editor from Hundredrabbits. A cross-site scripting vulnerability exists in Hundredrabbits Left version 7.1.5, which stems from the presence of cross-site scripting XSS that allows an attacker to execute arbitrary code via meta tags...
CVE-2021-42245
FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...
CVE-2021-42245
FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...
CVE-2021-42245
FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...
Cross site scripting
FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...
CVE-2021-42245
FlatCore-CMS 2.0.9 is affected by a cross-site scripting (XSS) vulnerability in pages.edit.php triggered via meta tags and content sections. Root cause is insecure handling of user-supplied metadata/content in that page, enabling injection of JavaScript. Reported impacts in public sources include...
CVE-2021-42245
FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...
Information Exposure
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Information Exposure. When a request is made to a password-protected article, the UI shows it requires a password to view content, but the content of...
Information Disclosure
publifycore is vulnerable to information disclosure. The vulnerability exists in showarticle function in articlescontroller.rb because the content of the article in meta tags of a response is not properly restricted which allows an attacker to view the contents of password-protected articles...
Lyon Bros Turtlapp Turtle Note 跨站脚本漏洞
Lyon Bros Turtlapp Turtle Note is a secure, collaborative notebook from Lyon Bros. Use it to save notes, bookmarks, passwords, ideas, dream journals, photos, documents and anything else you want to keep safe. A security vulnerability exists in Turtlapp Turtle Note version v0.7.2.6, which stems fr...