
16 matches found

Snyk
added 2025/03/10 9:31 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient input sanitization in the "Add Folder" functionality. An attacker with admin privileges can exploit this by injecting malicious scripts int...

CVSS 4.8 · AI score 5.3 · EPSS 0.00156
Exploits: 0 · References: 3

OSV
added 2025/03/10 9:15 p.m. · 5 views

CVE-2025-0660

Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...

CVSS 4.8 · AI score 5.4
Exploits: 0 · References: 3

CNNVD
added 2025/03/10 12:0 a.m. · 1 views

Concrete CMS Input Validation Error Vulnerability

Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. An input validation error vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.9, which stems from a lack of input cleanup in the Add Folder feature and could lead to a malicious...

CVSS 4.8 · AI score 6.2 · EPSS 0.00156
Exploits: 0 · References: 5

OSV
added 2024/08/26 4:15 p.m. · 3 views

CVE-2024-8170

A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The...

CVSS 9.8 · AI score 5 · EPSS 0.00104
Exploits: 1 · References: 5

Positive Technologies
added 2024/08/26 12:0 a.m. · 4 views

PT-2024-38855 · Sourcecodester · Sourcecodester Zipped Folder Manager App

Name of the Vulnerable Software and Affected Versions: SourceCodester Zipped Folder Manager App version 1.0
Description: A vulnerability has been found in the SourceCodester Zipped Folder Manager App, affecting an unknown part of the file /endpoint/add-folder.php. The manipulation of the folder...

CVSS 9.8 · AI score 4.5 · EPSS 0.00104
Exploits: 1 · References: 11

OSV
added 2023/02/08 2:15 a.m. · 1 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

CVSS 4.3 · AI score 6.3 · EPSS 0.00094
Exploits: 0 · References: 3

ATTACKERKB
added 2023/02/08 2:15 a.m. · 0 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

CVSS 5.4 · AI score 5.8 · EPSS 0.00094
Exploits: 0 · References: 4

CNNVD
added 2023/02/08 12:0 a.m. · 3 views

WordPress plugin Wicked Folders Cross-Site Request Forgery Vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin for importing/exporting WordPress data. relevant is a relevant content...

CVSS 5.4 · AI score 6.1 · EPSS 0.00094
Exploits: 0 · References: 4

VulnCheck KEV
added 2023/02/08 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

CVSS 5.4 · AI score 6.5 · EPSS 0.00155
Exploits: 0 · References: 1

OSV
added 2023/02/07 10:15 p.m. · 0 views

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

CVSS 4.3 · AI score 6.5
Exploits: 0 · References: 3

ATTACKERKB
added 2023/02/07 10:15 p.m. · 0 views

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

CVSS 5.4 · AI score 5.9 · EPSS 0.00155
Exploits: 0 · References: 4

CNNVD
added 2023/02/07 12:0 a.m. · 1 views

WordPress plugin Wicked Folders Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 · AI score 6.3 · EPSS 0.00155
Exploits: 0 · References: 4

securityvulns
added 2014/11/03 12:0 a.m. · 22 views

FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

Document Title: FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1342
Release Date: 2014-10-15
Vulnerability Laboratory ID (VL-ID): 1342...

AI score 6.5
Exploits: 0

Vulnerability Lab
added 2014/10/14 12:0 a.m. · 22 views

FileBug v1.5.1 iOS - Directory Traversal Vulnerability

Document Title: FileBug v1.5.1 iOS - Directory Traversal Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1342
Release Date: 2014-10-14
Vulnerability Laboratory ID (VL-ID): 134...

AI score 0.4
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 16 views

FTP Sprite 1.2.1 iOS - Persistent XSS Vulnerability

No description provided by source.
Title: FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
Date: 2013-07-12
References: http://www.vulnerability-lab.com/getcontent.php?id=1007
VL-ID: 1007
Common Vulnerability Scoring System: ...

AI score 7.1
Exploits: 0

Packet Storm
added 2013/07/16 12:0 a.m. · 14 views

FTP Sprite 1.2.1 Script Insertion

Title: FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
Date: 2013-07-12
References: http://www.vulnerability-lab.com/getcontent.php?id=1007
VL-ID: 1007
Common Vulnerability Scoring System: 3.7
Introduction: FTP...

AI score 7.4
Exploits: 0