124 matches found
ZOHO ManageEngine ServiceDesk Plus和SupportCenter Plus 安全漏洞
ZOHO ManageEngine ServiceDesk Plus SDP and ZOHO ManageEngine SupportCenter Plus are both products of ZOHO, Inc.ZOHO ManageEngine ServiceDesk Plus is a suite of ITIL architecture-based ZOHO ManageEngine ServiceDesk Plus is an ITIL-based IT service management software. The software integrates...
PT-2024-27643 · Unknown · Image Hover Effects - Caption Hover With Carousel
Name of the Vulnerable Software and Affected Versions: Image Hover Effects - Caption Hover with Carousel versions 3.0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...
WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Masamichi Aoki Patchstack Alliance in WordPress Plugin Comment Reply Email versions = 1.3...
CVE-2024-4757
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5448
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfo...
CVE-2024-26088
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-35705
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through 1.4.4...
CVE-2023-4728
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...
CVE-2024-1242
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-40461
The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...
PT-2023-23252 · Baidu · Baidu Tongji Generator
Name of the Vulnerable Software and Affected Versions: Baidu Tongji generator versions n/a through 1.0.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Haoqisir Baidu Tongji generator. Recommendations: For versions n/a through 1.0.2, as a...
CVE-2023-44242
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin = 1.3.54 versions...
PT-2023-28073 · Yydevelopment · Back To The Top Button
Name of the Vulnerable Software and Affected Versions: YYDevelopment Back To The Top Button plugin versions = 2.1.5 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For YYDevelopment...
CVE-2022-4466
The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2022-4125
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...
CVE-2022-1913
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2021-38468
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...
Cross site scripting
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...
CVE-2021-38468 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...
CVE-2020-36413
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module...