82 matches found
CVE-2021-24508
The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feedlocator AJAX action available to both authenticated and unauthenticated users before outputting a truncated version of it in the admin dashboard, leading to an...
ELEX WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise or escape the search GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue, which will be executed in a logged in admin context PoC https://example.com/wp-admin/admin.php?page=elex-product-feed-manage="...
CVE-2021-24437
The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged administrator...
Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting
The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=etmbu-all-posts=yes=no="="...
CVE-2021-24429
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will th...
Cross site scripting
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will th...
CVE-2021-24429 Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will th...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. prismatic WordPress plugin version 2.8 prior to the...
CVE-2021-24494
The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the...
Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)
The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator PoC...
Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The plugin does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the...
Synology DiskStation DS418play Injection Vulnerability
Synology DiskStation DS418play is a network device from Synology, a Chinese company. It provides a storage function. An injection vulnerability exists in Synology DiskStation DS418play, which can be exploited by an attacker to disclose information in an Admin user context...
CVE-2021-3109
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account...
CVE-2021-28144
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely...
wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via s Parameter
The plugin did not validate or escape the 's' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=wpforo-phrases="...
OctoberCMS 1.0.425 Cross Site Scripting
Exploit Title: OctoberCMS 1.0.425 aka Build 425 Stored XSS Vendor Homepage: https://octobercms.com/ Software Link: https://octobercms.com/download Exploit Author: Ishaq Mohammed https://packetstormsecurity.com/files/author/13150/ Contact: https://twitter.com/securityprince Website:...
CubeCart Stored Cross-Site Scripting Vulnerability
CubeCart is an open source PHP e-commerce software system. A stored cross-site scripting vulnerability exists in CubeCart. Due to insufficient filtering of user-supplied data via the "firstname" and "lastname" HTTP POST parameters passed to the "/index.php" script input, a remotely-authenticated...
Unitronics VisiLogic OPLC IDE Buffer Overflow Vulnerability
Unitronics VisiLogic OPLC IDE is a suite of Human Machine Interface (HMI) and PLC application programming environments for use in the Vision and SAMBA series of controllers from Unitronics Israel. A buffer overflow vulnerability exists in the Unitronics VisiLogic OPLC IDE, which arises from the...
Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
Exploit Title: Novell eDirectory 8.8 SP5 Post Auth Remote BOF Exploit 0day Date: 06/01/2010 Author: His0k4 & Simo36 Version: 8.8 SP5 Tested on: Windows xp sp3 Code : !usr\bin\perl use WWW::Mechanize; use HTTP::Cookies; use HTTP::Headers; $target=$ARGV0; if!$ARGV0 print "+ Novell eDirectory 8.8 SP...
CVE-2000-0672
The CVE-2000-0672 issue concerns the default configuration of Jakarta Tomcat which does not restrict access to the /admin context, enabling a remote attacker to read arbitrary files by invoking administrative servlets to add a context for the root directory. The vulnerability affects the admin co...