
1035 matches found

Positive Technologies
added 2023/06/21 12:0 a.m. · 2 views

PT-2023-24458 · Broadleaf · Broadleaf

Name of the Vulnerable Software and Affected Versions: Broadleaf versions 5.x through 6.2.6-GA Description: The issue is related to a cross-site scripting (XSS) vulnerability that can be exploited via a customer signup with a crafted email address. Recommendations: For versions 5.x through 6.2.6-GA...

CVSS 6.1 · AI score 5.9 · EPSS 0.00498
Exploits: 1 · References: 7
NVD
added 2023/06/07 2:15 a.m. · 14 views

CVE-2020-36715

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...

CVSS 7.4 · AI score 7.2 · EPSS 0.00697
Exploits: 1 · References: 3
OSV
added 2023/06/07 2:15 a.m. · 2 views

CVE-2020-36715

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...

CVSS 4.6 · AI score 5.9 · EPSS 0.00697
Exploits: 1 · References: 3
Prion
added 2023/06/07 2:15 a.m. · 20 views

Authorization

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...

CVSS 4.9 · AI score 4.8 · EPSS 0.00697
Exploits: 1 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/06/07 1:51 a.m. · 9 views

CVE-2020-36715 Login/Signup Popup < 1.5 - Missing Authorization

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...

CVSS 7.4 · AI score 6.1 · EPSS 0.00697
Exploits: 1 · References: 3
Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-11857 · WordPress · Login/Signup Popup

Name of the Vulnerable Software and Affected Versions: Login/Signup Popup plugin for WordPress versions up to, and including, 1.4 Description: The issue is related to authorization bypass due to missing capability checks on several functions. This allows authenticated attackers to inject arbitrar...

CVSS 7.4 · AI score 4.7 · EPSS 0.00697
Exploits: 1 · References: 5
CNNVD
added 2023/06/07 12:0 a.m. · 3 views

WordPress Plugin Login/Signup Popup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 7.4 · AI score 5.2 · EPSS 0.00697
Exploits: 1 · References: 4
RedhatCVE
added 2023/05/08 9:52 a.m. · 42 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 5.7 · EPSS 0.02507
Exploits: 1 · References: 4
Tenable Nessus
added 2023/05/03 12:0 a.m. · 15 views

Atlassian Jira Service Management 5.5.0 < 5.3.3 Critical Authentication Vulnerability

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 5.3.0 prior to version 5.3.3, 5.4.0 prior to 5.4.2 or 5.5.0 prior to 5.3.3. It is, therefore, affected by a critical authentication vulnerability which allows a...

CVSS 9.4 · AI score 10 · EPSS 0.15978
Exploits: 0 · References: 2
SUSE CVE
added 2023/04/20 2:6 a.m. · 1 view

SUSE CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 6.9 · EPSS 0.02507
Exploits: 1 · References: 21
OSV
added 2023/04/19 12:15 a.m. · 16 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 5.5
Exploits: 0 · References: 44
OSV
added 2023/04/19 12:15 a.m. · 0 views

ALPINE-CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 6.8 · EPSS 0.02507
Exploits: 1 · References: 1
OSV
added 2023/04/19 12:15 a.m. · 2 views

AZL-35144 CVE-2023-27043 affecting package python3 3.12.9-9

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 6.7 · EPSS 0.02507
Exploits: 1 · References: 1
OSV
added 2023/04/19 12:15 a.m. · 3 views

AZL-31167 CVE-2023-27043 affecting package python3 for versions less than 3.9.19-9

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 6.6 · EPSS 0.02507
Exploits: 1 · References: 1
NVD
added 2023/04/19 12:15 a.m. · 18 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 5.7 · EPSS 0.02507
Exploits: 1 · References: 46
Vulnrichment
added 2023/04/18 12:0 a.m. · 0 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

AI score 5.6 · EPSS 0.02507
Exploits: 1 · References: 23
AlpineLinux
added 2023/04/18 12:0 a.m. · 17 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 · AI score 7.1 · EPSS 0.02507
Exploits: 1
OSV
added 2023/04/14 7:15 a.m. · 3 views

CVE-2023-2035

A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has bee...

CVSS 7.5 · AI score 6.5 · EPSS 0.00661
Exploits: 1 · References: 3
CNNVD
added 2023/04/14 12:0 a.m. · 3 views

Video Sharing Website SQL Injection Vulnerability

Video Sharing Website is a video sharing website. A SQL injection vulnerability exists in Campcodes Video Sharing Website version 1.0, which stems from a problem in the file signup.php, where manipulation of the parameter id can lead to SQL injection...

CVSS 7.5 · AI score 6.9 · EPSS 0.00661
Exploits: 1 · References: 4
OSV
added 2023/03/09 9:15 p.m. · 2 views

CVE-2023-27212

A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.00476
Exploits: 1 · References: 2