68 matches found
Business Hours Indicator < 2.3.5 - Authenticated Stored XSS
The plugin does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the "Now closed message" setting and save them: alert/XSS/ Then refresh the setting...
WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
The plugin does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. Put the one of the payload below in the Image ALT setting of the plugin: The XSS will...
Design/Logic Flaw
The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...
QSAN SANOS 操作系统命令注入漏洞
QSAN SANOS is the SAN storage management operating system from QSAN China. It comes with a refreshingly easy-to-use Web GUI and can be easily deployed into any infrastructure. An injection vulnerability exists in QSAN SANOS, which stems from the product's setting page not filtering user-entered...
JPress Cross-Site Scripting Vulnerability
JPress is a set of blogging platform developed using the Java language. A cross-site scripting vulnerability exists in JPress version 1.0-rc.5, which can be exploited to inject arbitrary web script or HTML by sending the site name, site title, or site subtitle fields to the...
CVE-2018-7991
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110C00 have a Factory Reset Protection FRP bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific...
CVE-2018-7991
CVE-2018-7991 concerns Huawei Mate10 smartphones (versions earlier than ALP-AL00B 8.0.0.110(C00)) with a Factory Reset Protection (FRP) bypass vulnerability. The issue arises because the system does not sufficiently verify permissions when a device is connected via a data cable to a computer and ...
WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities
WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities ============================================================= \ \ / / | | / \ / | | \ \ V / | | | | | | | | | / \ | ' \ | | | | | | | | | | | | '| | / / . \ | | | | | | || | | | | | | | | | // \ | ./ || / || || |/ || | | ||...