102 matches found
PT-2023-22538 · Total.Js · Total.Js
Name of the Vulnerable Software and Affected Versions: TotalJS messenger version b6cf1c9. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. This enables attackers to...
PT-2023-15191 · Blockonomics · Blockonomics Wordpress Bitcoin Payments
Name of the Vulnerable Software and Affected Versions: Blockonomics WordPress Bitcoin Payments – Blockonomics plugin versions = 3.5.7. Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially...
PT-2023-15415 · Unknown · Mickael Austoni Map Multi Marker
Name of the Vulnerable Software and Affected Versions: Mickael Austoni Map Multi Marker plugin versions = 3.2.1. Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially allowing them to steal user...
PT-2022-25644 · WordPress · 2Kb Amazon Affiliates Store Plugin
Name of the Vulnerable Software and Affected Versions: 2kb Amazon Affiliates Store plugin versions = 2.1.5. Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially stealing user data or taking...
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Impact: This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain (readthedocs.org/readthedocs.com) by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...
CVE-2022-41542
devhub 0.102.0 was discovered to contain a broken session control...
Design/Logic Flaw
devhub 0.102.0 was discovered to contain a broken session control...
DevHub Code Issue Vulnerability
DevHub is a desktop application for GitHub notifications and activity from DevHub, Inc. A security vulnerability exists in DevHub version 0.102.0 that stems from a corrupt session control...
PT-2022-25927 · Devhub · Devhub
Name of the Vulnerable Software and Affected Versions: devhub version 0.102.0. Description: The issue is related to broken session control in the software. Recommendations: For devhub version 0.102.0, at the moment, there is no information about a newer version that contains a fix for this...
CVE-2022-41542
CVE-2022-41542 affects devhub, specifically version 0.102.0, due to a broken session control. The CVE entry lists a Network attack vector with low privileges required and no user interaction, and a base score of 5.4 (Medium). Public references confirm the issue is tied to devhub 0.102.0 and descr...
rainloop -- cross-site-scripting (XSS) vulnerability
Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...
TrendNet TW100-S4W1CA Cross-Site Request Forgery Vulnerability
The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site request forgery vulnerability exists in the TrendNet TW100-S4W1CA version 2.3.32. The vulnerability stems from a lack of proper session control. An attacker could exploit the vulnerability to make unauthorized changes to the...
Design/Logic Flaw
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the route...
CVE-2021-32424
The CVE-2021-32424 entry concerns TrendNet TW100-S4W1CA router, version 2.3.32. The vulnerability is a CSRF-style flaw arising from insufficient session controls, allowing an attacker to induce unauthorized router changes through a specially crafted web page. If an authenticated user visits a mal...
TrendNet TW100-S4W1CA Cross-Site Request Forgery Vulnerability
The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site request forgery vulnerability exists in the TrendNet TW100-S4W1CA version 2.3.32. The vulnerability stems from a lack of proper session control. An attacker could exploit the vulnerability to make unauthorized changes to the...
CVE-2019-3867
A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Mitigation: Toggle FEATURE_PERMANENT_SESSIONS to False in quay.conf...
User Registration And Login And User Management System 2.1 SQL Injection
Exploit Title: User Registration & Login and User Management System With admin panel - Authentication Bypass Date: 2020-07-04 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...