WordPress plugin tagDiv Composer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress tagDiv Composer plugin <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' vulnerability

Reflected Cross-Site Scripting via 'accountid' and 'accountusername' vulnerability discovered by Truoc Phan in WordPress Plugin tagDiv Composer versions = 5.3...

CVE-2024-8059

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...

CVE-2024-8059

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...

Exploit for Improper Input Validation in Portabilis I-Educar

CVE-2024-45058 PoC for CVE-2024-45058 Broken Access Control, a...

TextME SMS < 1.8.9 - Authenticated Stored XSS

The plugin does not escape its settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Account Username or Password settings of the plugin: " style=animation-name:rotation...

PT-2006-2844 · Bluepay · Bluepay Manager

Name of the Vulnerable Software and Affected Versions: BluePay Manager versions 2.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML during a login action via the Account Name and Username fields. The vendor has disputed this issue, stating it does...

CVE-2005-1010

Cross-site scripting XSS vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username...

CVE-2005-1010

Cross-site scripting XSS vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username...