5 matches found
PT-2026-32675
Name of the Vulnerable Software and Affected Versions PowerChute Serial Shutdown affected versions not specified Description Improper validation of specified quantity in input occurs when a Web Admin user alters the payload of the 'POST /logsettings' request. This issue can lead to Event and Data...
SUSE CVE-2024-4216
pgAdmin = 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end...
CVE-2023-39599
Cross-Site Scripting XSS vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter...
Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In the settings of the plugin, add the following payload to the text before the form:...
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...