
67 matches found

CVE
added 2021/09/27 12:25 p.m. · 51 views

CVE-2021-3799

CVE-2021-3799 relates to grav-plugin-admin, where the vulnerability arises from improper restriction of rendered UI layers or frames. The connected documents consistently describe an admin UI access-control/UI-layer restriction flaw that can enable clickjacking due to missing frame protection hea...

CVSS 5.8 · AI score 5.4 · EPSS 0.01547
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2021/09/27 12:0 a.m. · 2 views

Grav-Plugin-Admin Access Control Error Vulnerability

Grav-Plugin-Admin is an admin plugin. It is used to configure Grav pages. An Access Control Error vulnerability exists in grav-plugin-admin that stems from improper restrictions in the product's UI layer and framework...

CVSS 5.8 · AI score 6.4 · EPSS 0.01547
Exploits: 1 · References: 2

wpexploit
added 2021/09/15 12:0 a.m. · 623 views

Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "alert/XSS/...

CVSS 4.8 · AI score 4.9 · EPSS 0.00622
Exploits: 2

Huntr
added 2021/08/23 3:56 p.m. · 16 views

in getgrav/grav-plugin-admin

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

CVSS 5.8 · AI score 1.3 · EPSS 0.01547
Exploits: 1 · References: 1

Positive Technologies
added 2021/03/18 12:0 a.m. · 7 views

PT-2021-15675 · WordPress · Wp-Google-Map-Plugin

Name of the Vulnerable Software and Affected Versions: WP Google Map Plugin WordPress plugin versions prior to 4.1.5 Description: The issue concerns unvalidated input in the Manage Locations page within the plugin settings, which is vulnerable to SQL Injection. This can be exploited through a hig...

CVSS 7.2 · AI score 6.8 · EPSS 0.01416
Exploits: 2 · References: 5

WPVulnDB
added 2014/08/01 10:59 a.m. · 8 views

ShrimpTest 1.0b2 - admin/experiments.php Multiple Unspecified XSS

The shrimptest WordPress plugin was affected by an admin/experiments.php Multiple Unspecified XSS security vulnerability...

AI score 2.3
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2006/05/25 12:0 a.m. · 5 views

PT-2006-3529 · Nucleus · Nucleus

Name of the Vulnerable Software and Affected Versions: Nucleus versions 3.22 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSDIR LIBS parameter in the nucleus/libs/PLUGINADMIN.php file. Recommendations: For versions 3.22 and earlier...

CVSS 5.1 · AI score 7.8 · EPSS 0.07071
Exploits: 1 · References: 16