17 matches found
EUVD-2022-7056
Malicious code in bioql PyPI...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. An information disclosure vulnerability exists in Oracle User Management for Oracle E-Business Suite, which arises from a flaw in the search and register users component and can be exploited by a...
PT-2024-16245 · WordPress · Download Monitor
Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions up to, and including, 5.0.13 Description: The issue is related to a missing capability check on the ajax search users function, allowing authenticated attackers with Subscriber-level access and...
ProcessWire vulnerable to Cross-site Scripting
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
GHSA-8G35-PRRR-GXXF ProcessWire vulnerable to Cross-site Scripting
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
Cross site scripting
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
PT-2022-25403 · Unknown · Processwire
Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.200 Description: The issue allows attackers to execute arbitrary web scripts or HTML via injection of a crafted payload, leveraging multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities are...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
ProcessWire Cross-Site Scripting Vulnerability
ProcessWire is a friendly and powerful open source CMS with a robust API. A cross-site scripting vulnerability exists in ProcessWire version v3.0.200, which originates from the Search Users and Search Functions pages and allows attackers to execute arbitrary web script or HTML by injecting a...
CVE-2022-0345
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...
PT-2022-13119 · WordPress · Customize Wordpress Emails/Alerts
Name of the Vulnerable Software and Affected Versions: The Customize WordPress Emails and Alerts WordPress plugin versions prior to 1.8.7 Description: The issue concerns a lack of authorization and CSRF check in the bnfw search users AJAX action. This allows any authenticated users to call the...
Cyber Cafe Management System SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Cyber Cafe Management System - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Concrete CMS: Time-base SQL Injection in Search Users
Description ===================== I've identified an SQL injection vulnerability in the website labs.data.gov that affects the endpoint /index.php/dashboard/users/search and can be exploited via the fSearchDefaultSortDirection param. I didn't extract any data from the database, I've confirmed the...
CVE-2020-10453
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/search-users.php by adding a question mark (?) followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/search-users.php by adding a question mark (?) followed by the payload...