PT-2021-22713 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.6 and later Description: A business logic error in the project deletion process allows persistent access via project access tokens. Recommendations: For GitLab versions 13.6 and later, update to a version that includes a fi...
GitLab Security Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that stems from a...
CVE-2021-36873
CVE-2021-36873 affects WordPress plugin iQ Block Country (versions = 1.2.12). If upgrading is not feasible, apply mitigations per the patch sources. The connected documents confirm the vulnerability and the recommended fix; exploitation details are not provided beyond the general XSS description.
CVE-2021-36872
CVE-2021-36872 affects WordPress Popular Posts plugin (versions
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
U.S. military and government website subdomains have a sticky problem: They’re “quite vulnerable” to blackhat SEO tactics that result in persistent redirects to spammy Viagra ads and porn videos. An example is one that showed up on a dot.mil subdomain on the Minnesota National Guard site you can...
What are computer cookies?
We all know cookies as tasty baked treats that we love to eat, but computer cookies are quite different. Although they’re most popularly known as just "cookies", they may be referred to as browser cookies, Internet cookies, HTTP cookies, web cookies, computer cookies, or digital cookies. What are...
Cross site scripting
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title...
CVE-2021-36871 WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent XSS vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title...
CVE-2021-36870 WordPress WP Google Maps plugin <= 8.1.12 - Multiple Authenticated Persistent XSS vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin versions <= 8.1.12. Vulnerable parameters: &datasetname, &wpgmzagdprretentionpurpose, &wpgmzagdprcompanyname, &name 2, &name, &polyname 2, &polyname, &address...
CVE-2021-38707
Persistent cross-site scripting XSS vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session...
Fortinet FortiSandbox Code Issue Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A code issue vulnerability exists in FortiSandbox that stems from an...
Patient Appointment Scheduler System 1.0 Cross Site Scripting
Exploit Title: Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...
Patient Appointment Scheduler System 1.0 - Persistent / Stored XSS Exploit
Exploit Title: Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link: https://www.sourcecodester.com/download-code?nid=1492...
Eclipse Mosquitto License Issue Vulnerability
Eclipse Mosquitto is a set of open source messaging agent software from the Eclipse Foundation. Eclipse Mosquitto has a security vulnerability that stems from the fact that in Eclipse Mosquitto versions 2.0 through 2.0.11, when using the dynamic security plugin, if a client is unsubscribed from a...
ZOHO ManageEngine Log360 code issue vulnerability
ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements. A code issue...
ZOHO ManageEngine Log360 Code Injection Vulnerability
ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity and comply with regulatory requirements. A code injection...
Eclipse Mosquitto Authorization Issue Vulnerability
Eclipse Mosquitto is a set of open source messaging agent software from the Eclipse Foundation. Eclipse Mosquitto has a security vulnerability that stems from the fact that in Eclipse Mosquitto versions 2.0 through 2.0.11, when using the dynamic security plugin, if a client is unsubscribed from a...
CVE-2021-27822
A persistent cross site scripting XSS vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field...
Cross site scripting
A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields...