217 matches found
Moodle 安全漏洞
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from some hidden user profile fields being visible in...
CVE-2024-37856
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page...
PT-2024-5531 · Apache · Apache Roller
Name of the Vulnerable Software and Affected Versions: Apache Roller versions 5.0.0 through 6.1.2 Description: The issue is caused by insufficient input validation and sanitation in features such as Profile name & screenname, Bookmark name & description, and blogroll name. This allows an...
CVE-2023-6983
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...
CVE-2023-6982 Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-1010
A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is...
PT-2023-32556 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro plugin for WordPress versions up to, and including, 2.12.3 Description: The issue arises from insufficient file type validation in the pmpro paypalexpress session vars for user fields function. This allows authenticated...
XWiki Platform 代码注入漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that originates from the fact that any registered user can execute arbitrary scripts with programmatic privileges using th...
Cross site scripting
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...
CVE-2022-4831 Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...
WordPress plugin Custom User Profile Fields for User Registration 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress Custom User Profile Fields Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)
Software Custom User Profile Fields Type Plugin Vulnerable versions = 1.8 Fixed in 1.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4831 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 02766634c7d2 Credits István...
The vulnerability of the Moodle course management system lies in the insufficient cleaning of user data in several “social” fields of the user profile. This allows attackers to carry out attacks using cross-site scripting (XSS).
The vulnerability of the Moodle course management system is related to insufficient cleaning of user data in several “social” fields of the user’s profile. Exploiting this vulnerability allows a malicious actor to carry out attacks using cross-site scripting XSS...
UBUNTU-CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...
Moodle 跨站脚本漏洞
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.11.0 and later, 3.11.1 and earlier, 4.0.0 and later, and 4.0.5 and...
CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...
PT-2022-5979 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to insufficient sanitization of user-supplied data in several "social" user profile fields, which can allow a remote attacker to inject and execute arbitrary HTML and...
CVE-2022-40288
The application was vulnerable to an authenticated Stored Cross-Site Scripting XSS in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile...
CVE-2022-1051
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...
CVE-2022-1051
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...