42 matches found
WordPress plugin eewee admin custom 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
WordPress eewee admin custom plugin <= 1.8.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin eewee admin custom versions = 1.8.2.4...
WordPress eewee admin custom Plugin <= 1.8.2.4 is vulnerable to Cross Site Scripting (XSS)
Software eewee admin custom Type Plugin Vulnerable versions = 1.8.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4886c0ef8c81 Credits João Pedro S Alcântara Kinort...
CVE-2017-20098
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...
Cross site scripting
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...
CVE-2017-20098 Admin Custom Login Plugin Persistent cross site scripting
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...
CVE-2017-20098
CVE-2017-20098 affects the WordPress Admin Custom Login Plugin version 2.4.5.2. The issue is described as a manipulation of an unknown function that leads to basic persistent cross-site scripting (XSS). The vulnerability is reported as exploitable remotely. Several connected sources (Red Hat, CNV...
CVE-2017-20098 Admin Custom Login Plugin Persistent cross site scripting
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...
WordPress plugin Admin Custom Login 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Slims9 Bulian 跨站脚本漏洞
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A cross-site scripting vulnerability exists in Slims9 Bulian version 9.4.2, which...
CVE-2021-34628
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...
CVE-2021-34628
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...
Cross site request forgery (csrf)
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...
CVE-2021-34628
The CVE-2021-34628 issue affects the WordPress Admin Custom Login plugin up to version 3.2.7. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by the loginbgSave action in login-form-background.php, which can lead to stored Cross-Site Scripting (XSS) by injecting arbitrary scripts. ...
WordPress 插件 跨站请求伪造漏洞
WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin admin-custom-login, which stems from the fact that the Admin Custom Login WordPress plugin is susceptible to cross-site request forgery attacks due to the loginbgSave found...
Admin Custom Login < 3.2.8 - CSRF to Stored XSS
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. PoC...
The vulnerability of the app/admin/custom-fields/filter-result.php web application for managing IP addresses in phpipam allows a violator to execute arbitrary SQL queries.
The vulnerability of the app/admin/custom-fields/filter-result.php web application for managing IP addresses in phpipam relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the app/admin/custom-fields/edit.php web application for managing IP addresses in phpipam allows a hacker to execute arbitrary SQL queries.
The vulnerability of the “app/admin/custom-fields/edit.php” web application for managing IP addresses in phpipam relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
Sql injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...
Sql injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...