1035 matches found
CVE-2023-5283
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teachersignup.php. The manipulation of the argument firstname/lastname leads to SQL injection. The attack may be initiated remotely. The...
WordPress Laposta Signup Embed Plugin < 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Laposta Signup Embed; Type: Plugin; Vulnerable versions: < 1.1.1; Fixed in: 1.1.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; PSID: a512250807f5; Credits: Unknown; Required privilege...
WordPress Laposta Signup Embed Plugin < 1.1.1 is vulnerable to Broken Access Control
Software: Laposta Signup Embed; Type: Plugin; Vulnerable versions: < 1.1.1; Fixed in: 1.1.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; PSID: c6c6c052c1a2; Credits: Unknown; Required privilege: Subscriber...
WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Laposta Signup Basic; Type: Plugin; Vulnerable versions: <= 1.4.1; Fixed in: 1.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-41950; Patch priority: Low; CVSS severity: Low 5.4; PSID: 0e4907670209; Credits: Nguyen Xuan...
Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting
Title: Horse Market Sell & Rent Portal Script V1.5.7 XSS via file uploads Vulnerability; Author: indoushka; Telegram: @indoushka; Tested on: windows ...
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...
Design/Logic Flaw
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...
CVE-2023-4478
Mattermost is affected by CVE-2023-4478 due to improper handling of signup request parameters, allowing an attacker to register users as inactive and thereby block future access unless an admin activates the accounts. The issue stems from the system’s failure to restrict which request parameters ...
PT-2023-29295 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost (affected versions not specified). Description: The issue allows an attacker to register users as inactive during signup by manipulating parameters, thus blocking them from later accessing the system without the system admin activatin...
Clip Share 4.1.4 Cross Site Scripting
Title: Clip Share 4.1.4 XSS Vulnerability; Author: indoushka; Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.264-bit; Vendor: ...
Don't Join Threads—Make Instagram's 'Twitter Killer' Join You
Meta’s Twitter alternative promises that it will work with decentralized platforms, giving you greater control of your data. You can hold the company to that—if you don't sign up...
CVE-2021-4402
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta and mu_add_roles_in_signup_meta_recently functions. This makes it possible for unauthenticated...
CVE-2023-34648
A Cross Site Scripting vulnerability in PHPGurukul User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php...
Broadleaf vulnerable to Cross-site Scripting
Broadleaf 5.x and 6.x, including 5.2.25-GA and 6.2.6-GA, was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.7-GA...
CVE-2023-33725
Broadleaf 5.x and 6.x, including 5.2.25-GA and 6.2.6-GA, was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...