WordPress Plugin WP Ajax Recent Posts 1.0.1 - do Cross-Site Scripting

WordPress Plugin WP Ajax Recent Posts 1.0.1 - do Cross-Site Scripting source: https://www.securityfocus.com/bid/47579/info The WP Ajax Recent Posts WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage...

Cross-site Scripting (XSS) Vulnerability in WP-Ajax-Recent-Posts

High-Tech Bridge SA Security Research Lab has discovered vulnerability in WP-Ajax-Recent-Posts which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in WP-Ajax-Recent-Posts The vulnerability exists due to input sanitation error in the "number"...

MyBB TagCloud 2.0 Cross Site Scripting

==================================================== MYBB TagCloud 2.0 cross site scripting vulnerability ==================================================== Author: http://www.3ethicalhackers.com Discovered by: http://www.3ethicalhackers.com Original post: http://www.3ethicalhackers.com...

Code injection

The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to 1 obtain sensitive via the Tracker Module and the Recent posts page; 2 obtain project...

Project and Project issue tracking - Access bypass

The Project and Project issue tracking modules provide a series of permissions to control access to projects and issues: "access projects", "access own projects", "access project issues" and "access own project issues". While these permissions correctly prevent users from viewing the entire proje...