54 matches found

PyPA
added 2024/08/07 3:15 p.m., 7 views

PYSEC-2024-69

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

CVSS 7.5 · AI score 7 · EPSS 0.00954
Exploits 0 · References 4 · Affected software 1
OSV
added 2024/08/06 1:00 p.m., 1 view

UBUNTU-CVE-2024-41991

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

CVSS 7.5 · AI score 6.8 · EPSS 0.00954
Exploits 0 · References 3
CNNVD
added 2024/08/06 12:00 a.m., 3 views

Django security vulnerability

Django is an open source web application framework, written in Python, from the Django Foundation. The framework includes an object-relational mapper, a view system, a template system, and more. A security vulnerability exists in Django versions from 5.0 before 5.0.8 and 4.2 throug...

CVSS 7.5 · AI score 6.5 · EPSS 0.00954
Exploits 0 · References 5
Positive Technologies
added 2024/07/31 12:00 a.m., 7 views

PT-2024-6155

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.14; Django versions 5.0 through 5.0.7. Description: The issue is related to a potential denial-of-service attack in Django, specifically affecting the urlize and urlizetrunc template filters, and the...

CVSS 9.8 · AI score 7.3 · EPSS 0.18398
Exploits 3 · References 79
wpexploit
added 2024/03/04 12:00 a.m., 175 views

CM Download Manager < 2.9.0 - Download Deletion via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in admins delete downloads via a CSRF attack. Make an admin open the URL below: https://example.com/cmdownload/del/id/...

AI score 6.7 · EPSS 0.00244
Exploits 2
CNNVD
added 2023/07/04 12:00 a.m., 3 views

WordPress plugin Protect WP Admin input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error vulnerabilit...

CVSS 6.1 · AI score 7.1 · EPSS 0.00688
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 5:36 a.m., 2 views

SUSE CVE-2013-4249

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

CVSS 4.3 · AI score 5.7 · EPSS 0.0288
Exploits 2 · References 4
OSV
added 2022/09/05 7:15 a.m., 3 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

CVSS 4.8 · AI score 5.8 · EPSS 0.00452
Exploits 0 · References 1
OSV
added 2022/06/13 1:15 p.m., 4 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

CVSS 5.3 · AI score 5.8 · EPSS 0.02621
Exploits 2 · References 1
OSV
added 2022/06/13 1:15 p.m., 1 view

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1
NVD
added 2022/06/13 1:15 p.m., 27 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

CVSS 5.3 · EPSS 0.02621
Exploits 2 · References 1
NVD
added 2022/06/13 1:15 p.m., 17 views

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL...

CVSS 4.3 · EPSS 0.00412
Exploits 2 · References 1
CVE
added 2022/06/13 12:42 p.m., 175 views

CVE-2022-1595

CVE-2022-1595 affects the WordPress HC Custom WP-Admin URL plugin up to version 1.4. The issue is unauthenticated information disclosure: a crafted request leaks the secret admin login URL, enabling potential brute-force targeting of the admin panel. Affected: HC Custom WP-Admin URL WordPress plu...

CVSS 5.3 · AI score 5.2 · EPSS 0.02621
Exploits 2 · References 1 · Affected software 1
CVE
added 2022/06/13 12:42 p.m., 78 views

CVE-2022-1594

CVE-2022-1594 concerns the WordPress plugin HC Custom WP-Admin URL (versions ≤ 1.4). The vulnerability is a lack of CSRF protection when updating settings, enabling a logged-in administrator to be coerced into changing the login URL via a CSRF attack. Impact aligns with Arbitrary Settings Update ...

CVSS 4.3 · AI score 4.4 · EPSS 0.00412
Exploits 2 · References 1 · Affected software 1
Positive Technologies
added 2022/06/13 12:00 a.m., 3 views

PT-2022-13992 · WordPress · Hc Custom Wp-Admin Url

Name of the Vulnerable Software and Affected Versions: HC Custom WP-Admin URL WordPress plugin versions 1.4 and earlier. Description: The issue allows the secret login URL to be leaked when a specific crafted request is sent. Recommendations: For HC Custom WP-Admin URL WordPress plugin versions 1....

CVSS 5.3 · AI score 5.1 · EPSS 0.02621
Exploits 2 · References 5
Patchstack
added 2022/05/18 12:00 a.m., 61 views

WordPress HC Custom WP-Admin URL plugin <= 1.4 - Unauthenticated Secret URL Disclosure vulnerability

Unauthenticated Secret URL Disclosure vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 5.3 · AI score 1.7 · EPSS 0.02621
Exploits 2 · References 3 · Affected software 1
wpexploit
added 2022/05/18 12:00 a.m., 115 views

HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL. document.getElementById("test").submit();...

CVSS 4.3 · AI score 1.6 · EPSS 0.00412
Exploits 2
OSV
added 2021/09/24 10:15 p.m., 2 views

CVE-2020-20514

A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all users...

CVSS 8.1 · AI score 5.8 · EPSS 0.00417
Exploits 1 · References 1
OSV
added 2021/08/12 6:15 p.m., 0 views

CVE-2020-18454

Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/moduleid/70/groupid/1.html...

CVSS 6.8 · AI score 6.7
Exploits 0 · References 1
CNNVD
added 2020/12/25 12:00 a.m., 2 views

Cxuucms cross-site request forgery vulnerability

CxuuCms is an easy-to-use, open source, PHP+MySQL based content management system. CXUUCMS 3.1 suffers from a cross-site request forgery vulnerability. An attacker can add an administrator account via admin.php?c=adminuser&a=add to exploit this vulnerability...

CVSS 6.5 · AI score 6.5 · EPSS 0.00434
Exploits 1 · References 2