3100 matches found
Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS
The plugin does not have a CSRF check in place when saving its settings, and does not sanitise or escape user input before outputting it back in the page, leading to a Stored Cross-Site Scripting issue alert/XSS/' /...
Photo Gallery < 1.5.75 - File Upload Path Traversal
The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector. The below requests will put the xss.svg file into the /wp-content/uploads/ folder rather than...
Siemens Mendix Access Check Bypass Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. A security vulnerability exists in Siemens Mendix, which can be exploited by an attacker to bypass write access checks on properties of the...
U.S. Dept Of Defense: SQL injection located in `███` in POST param `████████`
Hey DoD security team! I was able to exploit an SQL injection 1 in one of your domains. Description An SQL injection 1 was discovered in domain https://████████/██████ in the parameter ██████████. The SQL injection was located in a WHERE statement followed by an INT value. The vulnerable parameter...
Unspecified vulnerability in Nextcloud (CNVD-2021-51795)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.011, and 21.0.3, which can be exploited by an attacker to enumerate...
Unspecified vulnerability in Nextcloud (CNVD-2021-51815)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a lack of privilege checking in Nextcloud Server, where tokens are able to change their ow...
Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser, leading to an Authenticated Stored Cross-Site Scripting (XSS) issue. 1. Install WordPress 5.7.2 2. Install and activate Custom Book 3...
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS); Date: 05/21/2019; Exploit Author: Central InfoSec; Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93; CVE: CVE-2019-0221. Requirements: SSI support must be enabled within Apache Tomcat. SSI support is no...
WOWRestro < 1.1 - CSRF Bypass
The plugin does not properly check for CSRF in many of its AJAX actions, allowing an attacker to make logged-in users call them and perform unwanted actions, such as adding or removing an item from their basket or emptying it. To empty a user basket:...
Unspecified Vulnerability in Flask-User
Flask-User is a software application providing customizable user authentication and user management: register, confirm, login, change username, change password, forgot password, etc. A security vulnerability exists in Flask-User, which can be exploited to bypass URL authentication and redirect a user to an...
CRM: Contact Management Simplified – UkuuPeople <= 1.6.3 - Unauthorised Favourite Addition/Deletion
The plugin does not properly check for CSRF in its ukuuaddtofav AJAX action, allowing an attacker to make logged-in users call it and add or delete arbitrary favourite posts. To delete a favourite: To add a favourite:...
Haxcan <= 1.0.0 - CSRF Bypass
The plugin does not properly check for CSRF in its getajaxresponse AJAX action, allowing an attacker to make a logged-in admin call it via a CSRF attack and, for example, add arbitrary files to quarantine. Add an arbitrary file to quarantine...
CVE-2021-30556
Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
The theme's AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were...
Workreap < 2.2.2 - Missing Authorization Checks in Ajax Actions
The theme had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged-in user to modify or delete objects belonging to other users on the site. Log in as arbitrary freelancer...
Leaflet Map < 3.0.0 - Contributor+ Stored XSS
The plugin does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributor to exploit stored XSS issues. Most of the shortcode attributes are not escaped, so this is just one of them: leaflet-map...
Super Progressive Web Apps < 2.1.12 - Authenticated (Low Privileged) Arbitrary File Upload to RCE
When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action does not properly check for CSRF, authorisation and the content of the uploaded archive file. This allows attackers to upload an archive with a PHP file, leading to RCE by either using a low...
User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR
The plugin was affected by an IDOR issue, allowing users with the uploadimage capability (by default author and above) to change and delete the profile pictures of other users, including those with higher roles. Use a proxy such as Burp Suite to capture the request made when you change your own profile...
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
The plugin was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...
Google Android MmsService.java Elevation of Privilege Vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android MmsService.java. The vulnerability stems from a lack of permission checking in archiveStoredConversation in MmsService.jav...