183 matches found
Schneider Electric U.motion Builder runscript directory traversal vulnerability
U.motion Builder is a builder product from Schneider Electric France. A directory traversal vulnerability exists in the Schneider Electric U.motion Builder runscript. When handling the 's' parameter of a small application. An attacker could exploit the vulnerability to expose files from the syste...
perrehaber.com XSS vulnerability
Vulnerable URL: https://www.perrehaber.com/?s="/alert/OPENBUGBOUNTY/...
Sweepstakes Pro Software SQL Injection Vulnerability
Sweepstakes Pro Software is a suite of sweepstakes software to increase email lists, increase social networking, and drive sales by running sweepstakes software in conjunction with sweepstakes. A SQL injection vulnerability exists in the s parameter in both win.php and widgetlb.php in Sweepstakes...
antenova-m2m.com XSS vulnerability
Vulnerable URL: http://www.antenova-m2m.com/?s=1'%22%26%25prompt/OPENBUGBOUNTY/...
CVE-2014-100018
Cross-site scripting XSS vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php...
WordPress Unconfirmed Plugin <= 1.2.4 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the plugin...
SimpleDark 1.2.10 - 's' Parameter Cross Site Scripting
The SimpleDark WordPress theme was affected by a 's' Parameter Cross Site Scripting security vulnerability...
WordPress Simple Balance Theme <= 2.2.1 - Cross Site Scripting
This vulnerability allows remote attackers to inject arbitrary script or HTML via "index.php" file, "s" parameter. Solution Update the theme...
WordPress Wikipop Plugin <= 2.0 - XSS
Because of this vulnerability in js/window.php, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the plugin...
Cross site scripting
Cross-site scripting XSS vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information...
CVE-2012-5346
Cross-site scripting XSS vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information...
WordPress EvoLve Theme 1.2.5 - Cross-Site Scripting
's' Parameter WordPress EvoLve theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...
CVE-2011-3858
Cross-site scripting XSS vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3860
Cross-site scripting XSS vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3863
Cross-site scripting XSS vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3852
Cross-site scripting XSS vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3855
Cross-site scripting XSS vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3850
Cross-site scripting XSS vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...