Lucene search

25 matches found

Patchstack
added 2026/01/29 6:59 a.m. | 5 views

WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

POST-Based Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin ID Arrays versions <= 2.1.2...

7.1 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | Affected Software: 1

CNNVD
added 2025/02/20 12:0 a.m. | 1 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2024R1.2.2. An attacker can exploit the vulnerability...

6.1 CVSS | 6 AI score | 0.00384 EPSS
Exploits: 0 | References: 1

OSV
added 2025/01/16 7:15 p.m. | 1 views

CVE-2025-20630

Mattermost Mobile versions =2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel...

7.5 CVSS | 6.8 AI score
Exploits: 0 | References: 1

OSV
added 2024/11/23 6:15 a.m. | 1 views

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

6.1 CVSS | 5.9 AI score
Exploits: 0 | References: 2

CNNVD
added 2024/11/23 12:0 a.m. | 4 views

WordPress plugin Formidable Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS | 7.5 AI score | 0.02343 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2023/07/05 3:30 p.m. | 25 views

code.gitea.io/gitea Open Redirect vulnerability

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. This is most likely a post-auth redirect plus it is a POST based request scenario, so less likely that can be exploited or chained with other bugs that can cause phishing or credential theft...

4.4 CVSS | 6.9 AI score | 0.00113 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2023/07/05 3:30 p.m. | 14 views

GHSA-CF6V-9J57-V6R6 code.gitea.io/gitea Open Redirect vulnerability

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. This is most likely a post-auth redirect plus it is a POST based request scenario, so less likely that can be exploited or chained with other bugs that can cause phishing or credential theft...

3 CVSS | 4.2 AI score | 0.00113 EPSS
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 3:47 a.m. | 4 views

SUSE CVE-2021-20323

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak...

6.1 CVSS | 6 AI score | 0.70265 EPSS
Exploits: 3 | References: 3

NVD
added 2023/01/30 11:15 p.m. | 11 views

CVE-2022-32516

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox All Versions...

7.5 CVSS | 7.6 AI score | 0.00125 EPSS
Exploits: 0 | References: 1

CVE
added 2023/01/30 12:0 a.m. | 38 views

CVE-2022-32516

Schneider Electric Conext ComBox (all versions) is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can cause a configuration override and trigger a reboot loop when a POST-based CSRF is exploited. The issue is a CSRF in the device’s configuration interface that an attacker can ...

7.5 CVSS | 6.5 AI score | 0.00125 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/01/30 12:0 a.m. | 17 views

CVE-2022-32516

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox All Versions...

7.5 CVSS | 7.8 AI score | 0.00125 EPSS
Exploits: 0 | References: 1

Kitploit
added 2023/01/20 11:30 a.m. | 430 views

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

8.6 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2022/10/31 12:0 a.m. | 3 views

PT-2022-17756 · WordPress · Newspaper

Name of the Vulnerable Software and Affected Versions: The Newspaper WordPress theme versions prior to 12 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized before being outputted back in an HTML attribute via an...

6.1 CVSS | 5.7 AI score | 0.22099 EPSS
Exploits: 2 | References: 6

Prion
added 2022/03/25 7:15 p.m. | 21 views

Cross site scripting

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak...

4.3 CVSS | 6.2 AI score | 0.70265 EPSS
Exploits: 3 | References: 1 | Affected Software: 1

RedHat Linux
added 2022/02/02 2:49 p.m. | 1 views

keycloak-services: POST based reflected Cross Site Scripting vulnerability

A flaw has been found in Keycloak. The clients-registrations endpoint allows execution of javascript code on the client-side, which makes it vulnerable to a Cross-Site Scripting attack...

6.1 CVSS | 5.9 AI score | 0.70265 EPSS
Exploits: 3 | References: 5

Hacker One
added 2022/01/17 11:44 a.m. | 22 views

MTN Group: POST BASED REFLECTED XSS IN dailydeals.mtn.co.za

Summary: Dear Team , I have found a post based reflected XSS in https://dailydeals.mtn.co.za/ . Steps To Reproduce: 1.Create a html file with following content . "document.forms0.submit 2.Open the HTML file in any web-browser. 3.Cross site Scripting will be triggered . Impact Attacker can exploit...

0.5 AI score
Exploits: 0

Hacker One
added 2021/06/26 11:42 a.m. | 63 views

U.S. Dept Of Defense: XSS DUE TO CVE-2020-3580

Hello Team, During my research, I found the following host to be vulnerable to CVE 2020-3580 which is POST BASED XSS. Vulnerable URL: https://████/+CSCOE+/saml/sp/acs?tgname=a Impact Attackers can steal cookies and even takeover accounts and perform different malicious activities. System Hosts ██...

2.6 CVSS | 1.6 AI score | 0.93315 EPSS
Exploits: 2

Hacker One
added 2020/11/22 4:36 p.m. | 18 views

Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}

Summary: Hello, I have found an XSS Reflected POST-Based on https://www.intensedebate.com/update/tumblr2/$id. The parameter $POST'txtCode' is reflected and is not sanitized. To trigger the XSS an attacker needs to create a site and invite the victim in their own site and give them full permissions...

0.4 AI score
Exploits: 0

Hacker One
added 2020/11/22 12:4 p.m. | 124 views

Automattic: [intensedebate.com] XSS Reflected POST-Based

Summary: Hello, I have found an XSS Reflected POST-Based in https://www.intensedebate.com/ajax.php. Vulnerable URL: POST /https://www.intensedebate.com/ajax.php Vulnerable Parameters: $POST'txt'; Payload azertyuiop Steps to reproduce 1. Open the xss.html and you will see a javascript pop-up You...

0.7 AI score
Exploits: 0

OSV
added 2019/07/26 1:15 p.m. | 0 views

CVE-2019-14228

Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF...

6.1 CVSS | 6.4 AI score
Exploits: 0 | References: 2