97 matches found

OSV · added 2024/03/06 11:08 a.m. · 36 views

BIT-WORDPRESS-MULTISITE-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

CVSS 5.3 · AI score 5.4 · EPSS 0.03862
Exploits 4 · References 4
Prion · added 2023/11/18 2:15 a.m. · 27 views

Input validation

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpropaypalexpresssessionvarsforuserfields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber...

CVSS 6.5 · AI score 7.9 · EPSS 0.51535
Exploits 0 · References 5 · Affected Software 1
Prion · added 2023/10/16 8:15 p.m. · 87 views

Code injection

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

CVSS 5 · AI score 5.4 · EPSS 0.03862
Exploits 4 · References 3 · Affected Software 1
CNNVD · added 2023/09/27 12:00 a.m. · 1 view

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 8.8 · AI score 6.8 · EPSS 0.31174
Exploits 0 · References 2
OSV · added 2023/07/28 5:15 a.m. · 1 view

CVE-2023-3986

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. Th...

CVSS 4.8 · AI score 3.8 · EPSS 0.00551
Exploits 1 · References 3
Github Security Blog · added 2023/05/24 3:30 p.m. · 27 views

Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, ...

CVSS 5.4 · AI score 5.8 · EPSS 0.00446
Exploits 0 · References 3 · Affected Software 1
Positive Technologies · added 2023/04/14 12:00 a.m. · 3 views

PT-2023-21397 · Mybb · Export User Plugin

Name of the Vulnerable Software and Affected Versions: Export User plugin through 2.0 for MyBB Description: The issue allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. This affects products that are no longer supported b...

CVSS 5.4 · AI score 6.1 · EPSS 0.00637
Exploits 1 · References 7
SUSE CVE · added 2023/02/15 4:45 a.m. · 3 views

SUSE CVE-2017-8816

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields...

CVSS 5 · AI score 8.1 · EPSS 0.08523
Exploits 0 · References 21
CNNVD · added 2023/02/03 12:00 a.m. · 6 views

phpwcms Code Injection Vulnerability

phpwcms is an open source web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. A security vulnerability exists in phpwcms version 1.9.25, which stems from a vulnerability that allows remote attackers to run arbitrary code...

CVSS 9.8 · AI score 8.7 · EPSS 0.01177
Exploits 1 · References 2
OSV · added 2022/11/02 12:15 p.m. · 2 views

CVE-2022-38374

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event log views...

CVSS 6.1 · AI score 5.9 · EPSS 0.01716
Exploits 1 · References 1
NVD · added 2022/11/02 12:15 p.m. · 39 views

CVE-2022-38374

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event log views...

CVSS 8.8 · EPSS 0.01716
Exploits 1 · References 1
Code423n4 · added 2022/10/25 12:00 a.m. · 12 views

Signature replay attacks

Lines of code · Vulnerability details · Description: There is a function deployHolographableContract in the HolographFactory smart contract. Among other things, the function verifies the ECDSA signature. The signed data for verification is constructed as a concatenation of different user-provided...

AI score 6.8
Exploits 0
ATTACKERKB · added 2022/08/26 1:15 p.m. · 3 views

CVE-2022-37150

An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via the firstname, address, middlename, lastname, gender, email, and contact parameters...

CVSS 5.4 · AI score 6.1 · EPSS 0.00464
Exploits 1 · References 3
Prion · added 2022/07/22 4:15 a.m. · 15 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 5.8 · AI score 7.4 · EPSS 0.00859
Exploits 0 · References 1 · Affected Software 4
CNNVD · added 2022/07/22 12:00 a.m. · 4 views

Cisco Small Business Buffer Error Vulnerability

Cisco Small Business is a switch from Cisco, U.S.A. A buffer overflow vulnerability exists in Cisco Small Business RV110W, RV130, RV130W, RV215W Routers, which stems from insufficient authentication of user fields in incoming HTTP packets. An attacker could use this vulnerability to execute...

CVSS 7.2 · AI score 6.5 · EPSS 0.00859
Exploits 0 · References 3
Prion · added 2022/07/21 5:15 a.m. · 17 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 5.8 · AI score 7.4 · EPSS 0.0106
Exploits 0 · References 1 · Affected Software 5
Vulnrichment · added 2022/07/21 3:53 a.m. · 11 views

CVE-2022-20888 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 4.7 · AI score 8 · EPSS 0.00986
Exploits 0 · References 1
BDU FSTEC · added 2022/05/30 12:00 a.m. · 3 views

The vulnerability of the core_user class implementation in the virtual learning environment Moodle allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the core_user class implementation in the virtual learning environment Moodle is related to deficiencies in displaying hidden user fields. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 5.3 · AI score 6.8 · EPSS 0.01213
Exploits 0 · References 11 · Affected Software 3
OSV · added 2022/05/24 5:07 p.m. · 8 views

GHSA-F99H-H678-FGG4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...

CVSS 5.4 · AI score 5.7 · EPSS 0.04457
Exploits 3 · References 5
Github Security Blog · added 2022/05/14 1:36 a.m. · 6 views

MODX Revolution allows XSS through extended user fields

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...

CVSS 6.1 · AI score 5.9 · EPSS 0.00861
Exploits 1 · References 4 · Affected Software 1