246 matches found
PT-2024-17272 · Unknown · Phpgurukul User Registration & Login/User Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 1.0 Description: A critical vulnerability has been found in the system, affecting an unknown part of the file /signup.php. The manipulation of the email argument leads to...
CVE-2024-39654
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...
CVE-2024-39654
CVE-2024-39654 concerns WordPress Sign-up Sheets plugin (versions
CVE-2024-39654 WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...
CVE-2024-39654 WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...
WordPress plugin Sign-up Sheets 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-28592 · Unknown · Fetch Designs Sign-Up Sheets
Name of the Vulnerable Software and Affected Versions: Fetch Designs Sign-up Sheets versions 2.2.12 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Fetch...
CVE-2024-7472
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472
CVE-2024-7472 affects lunary-ai/lunary v1.2.26, exposing an email injection vulnerability in the /v1/users/send-verification and /auth/signup endpoints. The root cause is bypassing the extractFirstName function by using an alternate whitespace character (e.g., \xa0), enabling data to be injected ...
Expense Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Expense Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
WordPress Sign-up Sheets plugin < 2.2.13 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sign-up Sheets versions 2.2.13...
CVE-2024-6020
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...
CVE-2024-6020
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...
CVE-2024-6020 Sign-up Sheets < 2.2.13 - Reflected XSS
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...
CVE-2024-6020 Sign-up Sheets < 2.2.13 - Reflected XSS
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...
CVE-2024-6020
The CVE-2024-6020 entry concerns the Sign-up Sheets WordPress plugin prior to version 2.2.13. The vulnerability arises because generated URLs and the $_SERVER['REQUEST_URI'] value are not properly escaped before being echoed in attributes, enabling Reflected Cross-Site Scripting. Affected softwar...
WordPress Sign-up Sheets Plugin < 2.2.13 is vulnerable to Cross Site Scripting (XSS)
Software Sign-up Sheets Type Plugin Vulnerable versions 2.2.13 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6020 Patch priority Medium CVSS severity Medium 7.1 Developer Fetch Designs PSID 65a76cb93247 Credits Bob Matyas Required...