147 matches found
CVE-2024-46081
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting XSS. An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform...
CVE-2024-40643 Joplin has a parsing error leading to Cross-site Scripting (XSS)
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag...
CVE-2024-3944
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...
WordPress plugin WP To Do 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
The vulnerability of the wptodo_addcomment function in the WordPress To Do plugin, a content management system for websites, allows a hacker to perform a CSRF attack.
The vulnerability of the wptodoaddcomment function in the WordPress To Do plugin, a content management system for websites, is related to the of cross-site requests due to incorrect validation of the value of the nonce cookie. Exploiting this vulnerability could allow an attacker to execute a CSR...
CVE-2024-37539
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...
CVE-2024-37539
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...
CVE-2024-37539 WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...
CVE-2024-37539
CVE-2024-37539 is a Stored XSS vulnerability in the WP To Do (Delower WP To Do) WordPress plugin, affectin g WP To Do versions from n/a up to 1.3.0. The connected Wordfence entry lists the vulnerability as Unpatched for WP To Do ≤ 1.3.0, and notes the issue is an improper neutralization of input ...
CVE-2024-37539 WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...
WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHee Kang in WordPress Plugin WP To Do versions = 1.3.0...
WordPress plugin WP To Do security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress WP To Do Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software WP To Do Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37539 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e78be231480 Credits younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHe...
CVE-2024-35723
Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0...
CVE-2024-35723
Missing Authorization vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.This issue affects Dashboard To-Do List: from n/a through = 1.2.0...
CVE-2024-35723 WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0...
CVE-2024-35723
Technical details about CVE-2024-35723 are not provided in the connected documents. The sources mention a Missing Authorization issue for Dashboard To-Do List up to 1.2.0, but no specifics on exploit vectors, impacts, or fixes.
CVE-2024-35723 WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.This issue affects Dashboard To-Do List: from n/a through = 1.2.0...
WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Dashboard To-Do List versions = 1.2.0...
WordPress Dashboard To-Do List Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software Dashboard To-Do List Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35723 Patch priority Low CVSS severity Low 4.3 Developer Andrew Rapps PSID e4b3c03fafe1 Credits CatFather Required privileg...