328 matches found
PT-2026-1565
Name of the Vulnerable Software and Affected Versions Quote Comments plugin for WordPress versions through 3.0.0 Description The Quote Comments plugin for WordPress is susceptible to a missing authorization issue. This flaw stems from the absence of proper authorization checks within the...
EUVD-2022-55923
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802
ETAP Safety Manager 1.0.0.32 is affected by an unauthenticated reflected XSS in the 'action' GET parameter. The vulnerability allows injection of HTML/JavaScript to execute in victims’ browsers, potentially leaking credentials or enabling unauthorized actions. The issue is documented across multi...
ETAP Safety Manager 跨站脚本漏洞
ETAP Safety Manager is a centralized monitoring and management system for emergency lighting from ETAP. A cross-site scripting vulnerability exists in ETAP Safety Manager version 1.0.0.32, which stems from a cross-site scripting vulnerability in the action GET parameter that could lead to malicio...
HaloBot 安全漏洞
HaloBot is a robotics framework by the individual developers at SNRainiar. A security vulnerability exists in HaloBot, which stems from the incorrect manipulation of the parameter action in the file plugins/htmlrenderer/index.js, which could lead to dynamically managed code resources...
CVE-2025-14170
The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...
EUVD-2025-203015
The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2025-14170 Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2025-14170
CVE-2025-14170 (Vimeo SimpleGallery) : The WordPress plugin Vimeo SimpleGallery is vulnerable to Missing Authorization in all versions up to 0.2 due to missing authorization checks in vimeogallery_admin hooked to admin_menu. This allows authenticated attackers with Subscriber-level access and abo...
Zytec Central Authentication Service 代码注入漏洞
Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...
CVE-2025-62598
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...
CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action'
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...
EUVD-2025-35183
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...
CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action'
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...
CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action'
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...
e107 路径遍历漏洞
e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A path traversal vulnerability exists in...