Lucene search

377 matches found

CNVD
added 2019/07/05 12:0 a.m. | 3 views

Elite Graphix Elite CMS Pro SQL Injection Vulnerability

Elite Graphix Elite CMS Pro is a lightweight PHP and MySQL based content management system from Elite Graphix India. A SQL injection vulnerability exists in the '?page=' parameter of the /admin/addsidebar.php file in Elite Graphix Elite CMS Pro version 2.01, which stems from a lack of validation ...

CVSS 7.2 | AI score 8.2 | EPSS 0.01626
Exploits: 1 | References: 1

OSV
added 2019/07/03 5:15 p.m. | 2 views

CVE-2018-12250

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

CVSS 7.2 | AI score 5.8 | EPSS 0.01626
Exploits: 1 | References: 2

UbuntuCve
added 2019/05/21 12:0 a.m. | 21 views

CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

CVSS 5.3 | AI score 6.9 | EPSS 0.01392
Exploits: 0 | References: 5

Tenable Nessus
added 2018/10/09 12:0 a.m. | 17 views

Fedora 27 : php-horde-horde (2018-1de045298c)

Horde 5.2.20 - mjr SECURITY: Fix XSS vulnerability when rendering custom background colors in a sidebar row Bug 14857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

AI score 5.4
Exploits: 0 | References: 1

OSV
added 2018/06/11 9:29 p.m. | 2 views

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

CVSS 8 | AI score 7.3 | EPSS 0.01937
Exploits: 0 | References: 4

NVD
added 2018/06/11 9:29 p.m. | 14 views

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

CVSS 8 | AI score 7 | EPSS 0.01937
Exploits: 0 | References: 4

CNVD
added 2018/05/21 12:0 a.m. | 1 view

Jenkins Sidebar Link Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Sidebar Link plugin is one of the...

CVSS 5.4 | AI score 6.3 | EPSS 0.00705
Exploits: 0 | References: 1

Packet Storm
added 2018/04/09 12:0 a.m. | 24 views

MyBB Recent Threads On Index 17.0 Cross Site Scripting

Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyBB forum. 2. Proof of concept:...

AI score 7.4
Exploits: 0

NVD
added 2017/10/05 1:29 a.m. | 15 views

CVE-2017-1000088

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

CVSS 5.4 | AI score 5.6 | EPSS 0.00705
Exploits: 0 | References: 1

OSV
added 2017/10/05 1:29 a.m. | 12 views

CVE-2017-1000088

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

CVSS 5.4 | AI score 6.9
Exploits: 0 | References: 1

Prion
added 2017/10/05 1:29 a.m. | 11 views

Input validation

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

CVSS 3.5 | AI score 5.6 | EPSS 0.00705
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/10/04 1:0 a.m. | 21 views

CVE-2017-1000088

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

AI score 5.5 | EPSS 0.00705
Exploits: 0 | References: 1

CVE
added 2017/10/04 1:0 a.m. | 45 views

CVE-2017-1000088

The CVE concerns Jenkins Sidebar Link Plugin. The root cause is lack of input validation for sidebar entries configured by users, enabling javascript: schemes to be used in links. This leads to cross-site scripting (XSS) in affected Jenkins objects. Connected advisories (GHSA and CNVD variants) c...

CVSS 5.4 | AI score 5.5 | EPSS 0.00705
Exploits: 0 | References: 1 | Affected Software: 1

Friends Of PHP
added 2017/09/14 2:30 p.m. | 16 views

XSS in the url field on the password workspace grid and sidebar

More info at https://www.passbolt.com/incidents/20170914xssonresourceurls...

CVSS 5.4 | AI score 5.8 | EPSS 0.00516
Exploits: 0 | Affected Software: 1

Prion
added 2017/01/14 7:59 a.m. | 23 views

Cross site request forgery (csrf)

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin...

CVSS 6.8 | AI score 8.7 | EPSS 0.00684
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2016/11/17 12:0 a.m. | 1 view

Mozilla Firefox is vulnerable (CNVD-2016-11466)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability. A maliciously crafted page that an attacker loads into the sidebar via a bookmarklet can reference a privileged chrome window and engage i...

CVSS 8 | AI score 8.5 | EPSS 0.01937
Exploits: 0 | References: 1

UbuntuCve
added 2016/11/17 12:0 a.m. | 23 views

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

CVSS 8 | AI score 7.2 | EPSS 0.01937
Exploits: 0 | References: 3

OSV
added 2016/11/17 12:0 a.m. | 1 view

UBUNTU-CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

CVSS 8 | AI score 7.3 | EPSS 0.01937
Exploits: 0 | References: 4

CNVD
added 2014/12/26 12:0 a.m. | 3 views

WordPress Plugin DandyID Services Has Multiple Cross-Site Request Forgery Vulnerabilities

WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. Multiple cross-site request forgery vulnerabilities in WordPress plugin DandyID Services 1.5.9 and earlier versions allow remote attackers t...

CVSS 6.8 | AI score 7 | EPSS 0.01015
Exploits: 2 | References: 1

NVD
added 2014/12/19 3:59 p.m. | 13 views

CVE-2014-9335

Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) emailaddress or (2) sidebarTitle paramet...

CVSS 6.8 | AI score 6.6 | EPSS 0.01015
Exploits: 2 | References: 2