
643 matches found

Patchstack
added 2024/03/29 9:2 a.m. · 3 views

WordPress WP-Eggdrop plugin <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin WP-Eggdrop versions <= 0.1...

CVSS 4.8 · AI score 6.5 · EPSS 0.00158
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/03/21 10:15 p.m. · 0 views

CVE-2024-28891

SQL injection vulnerability exists in the script HandlerCFG.ashx...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2024/03/19 12:0 a.m. · 3 views

PT-2024-18305 · WordPress · Contests By Rewards Fuel

Name of the Vulnerable Software and Affected Versions: Contests by Rewards Fuel plugin for WordPress versions up to, and including, 2.0.64 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...

CVSS 6.4 · AI score 6.2 · EPSS 0.00942
Exploits 0 · References 6
Positive Technologies
added 2024/03/15 12:0 a.m. · 2 views

PT-2024-21733 · Beepress · Beepress

Name of the Vulnerable Software and Affected Versions: BeePress versions through 6.9.8 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For versions through 6.9.8, update to a version that contains a fix for this issue. At the...

CVSS 7.1 · AI score 9.3 · EPSS 0.00052
Exploits 0 · References 3
OSV
added 2024/03/13 2:15 p.m. · 0 views

CVE-2024-1508

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
CNNVD
added 2024/02/29 12:0 a.m. · 1 views

WordPress Plugin EmbedPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.4 · AI score 6.1 · EPSS 0.00693
Exploits 0 · References 4
Positive Technologies
added 2024/02/28 12:0 a.m. · 2 views

PT-2024-21396 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: open-emr versions prior to 7.0.2 Description: An issue in open-emr allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. Recommendations: For versions prior to 7.0.2, upda...

CVSS 3.5 · AI score 4 · EPSS 0.00071
Exploits 1 · References 10
OSV
added 2024/02/14 9:15 a.m. · 2 views

CVE-2023-48987

Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component...

CVSS 7.5 · AI score 6.1 · EPSS 0.00517
Exploits 0 · References 1
OSV
added 2024/02/14 9:15 a.m. · 1 views

CVE-2023-48985

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component...

CVSS 6.1 · AI score 6
Exploits 0 · References 1
OSV
added 2024/02/14 9:15 a.m. · 0 views

CVE-2023-48986

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component...

CVSS 6.1 · AI score 6 · EPSS 0.00268
Exploits 0 · References 1
CNNVD
added 2024/02/09 12:0 a.m. · 2 views

Simple School Managment System SQL injection vulnerability

Simple School Managment System is an open-source school management system from Code-projects. Simple School Managment System version 1.0 has an SQL injection vulnerability that stems from the application's lack of validation of externally supplied SQL statements; an attacker can exploit the...

CVSS 8.8 · AI score 8 · EPSS 0.00157
Exploits 1 · References 2
CNNVD
added 2024/01/29 12:0 a.m. · 1 views

TOTOLINK N200RE security vulnerability

The TOTOLINK N200RE is a wireless router for the SOHO market. The TOTOLINK N200RE suffers from a buffer overflow vulnerability that originates from a stack-based buffer overflow in the main function of //cgi-bin/cstecgi.cgi. No detailed vulnerability details are provided at this time...

CVSS 9.8 · AI score 7.3 · EPSS 0.00111
Exploits 1 · References 4
OSV
added 2024/01/08 2:15 a.m. · 3 views

CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The explo...

CVSS 9.8 · AI score 5.5 · EPSS 0.01513
Exploits 1 · References 3
Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-29426 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the wrong parameter of the "update.php" endpoint does not validate the characters received and they are sent...

AI score 8
Exploits 0 · References 3
OSV
added 2023/12/21 9:15 p.m. · 1 views

CVE-2023-48687

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 5.8 · EPSS 0.00153
Exploits 1 · References 2
OSV
added 2023/12/15 11:15 a.m. · 0 views

CVE-2023-48553

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1
OSV
added 2023/12/15 11:15 a.m. · 3 views

CVE-2023-47064

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 · AI score 5.8 · EPSS 0.00437
Exploits 0 · References 1
CNNVD
added 2023/12/13 12:0 a.m. · 2 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.7 · EPSS 0.00391
Exploits 0 · References 3
OSV
added 2023/11/13 4:15 a.m. · 2 views

CVE-2023-47516

Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS. This issue affects Category Post List Widget: from n/a through 2.0...

CVSS 6.1 · AI score 7.3 · EPSS 0.00064
Exploits 0 · References 1
ATTACKERKB
added 2023/10/27 9:15 p.m. · 0 views

CVE-2023-46510

An issue in ZIONCOM Hong Kong Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function...

CVSS 9.8 · AI score 6.1 · EPSS 0.00121
Exploits 0 · References 2