CVE-2022-0769
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...
WordPress plugin Users Ultra SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress plugin Users Ultra has a SQL injection vulnerability, which stems from its failure to properly sanitize and escape the datatarget...
UBUNTU-CVE-2021-21313
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a free asset and IT management software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint: at least two parameters, target and id, are not...
PT-2021-14411 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4
Description: The issue concerns a vulnerability in the "/ajax/common.tabs.php" endpoint, where at least two parameters, target and id, are not properly sanitized. This can be exploited using specific payloads,...
GLPI Cross-Site Scripting Vulnerability
GLPI is open source IT and asset management software. It provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
MikroTik RouterOS Cross-Site Scripting Vulnerability (CNVD-2021-01532)
MikroTik RouterOS is the operating system for the MikroTik RouterBOARD hardware. A reflected cross-site scripting vulnerability exists in the hotspot login page in MikroTik RouterOS 2021-01-04 and earlier. An attacker can exploit this vulnerability via the target parameter to conduct a cross-site...
CVE-2021-3014
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter...
MikroTik RouterOS Cross-Site Scripting Vulnerability
MikroTik RouterOS is the operating system for the MikroTik RouterBOARD hardware. A reflected cross-site scripting vulnerability exists in the hotspot login page in MikroTik RouterOS 2021-01-04 and earlier. An attacker can exploit this vulnerability via the target parameter to conduct a cross-site...
PT-2020-14841 · Prometheus +2 · Prometheus Blackbox Exporter +2
Name of the Vulnerable Software and Affected Versions: Prometheus Blackbox Exporter versions through 0.17.0
Description: The issue allows for a Server-Side Request Forgery (SSRF) via the /probe endpoint with the target parameter. There is a discussion suggesting this could be seen as both intended...
CVE-2020-11702
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
Cross site scripting
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion Vulnerability
Exploit for the PHP platform, category web applications. The latest version downloaded from the official website is the file phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php (5563 lines): line 61 contains include $_REQUEST['target']; which is an obvious LFI precursor, as long ...
web.goal-tracker.com XSS vulnerability
Vulnerable URL: https://web.goal-tracker.com/login.php?target=1"...
OIC Exponent CMS SQL Injection Vulnerability (CNVD-2016-11166)
OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct in-page editing and provides user management, site configuration, content editing and other functions. The 'DragnDropReRank' functio...
UBUNTU-CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...
DEBIAN-CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...
WordPress <= 4.1.1 - XSS
Because of this vulnerability, an attacker can execute same-origin JavaScript functions via the "target" parameter, as demonstrated by executing a certain click function, related to init.as and fireEvent.as.
Solution: Update WordPress...
DEBIAN-CVE-2012-2129
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 (Angua) allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action...
CVE-2012-2129
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 (Angua) allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action...