Lucene search
K

42 matches found

CNNVD
CNNVD
added 2024/11/09 12:0 a.m.4 views

WordPress plugin eewee admin custom 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

7.1CVSS7.4AI score0.00259EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/04 10:24 a.m.4 views

WordPress eewee admin custom plugin <= 1.8.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin eewee admin custom versions = 1.8.2.4...

7.1CVSS6.1AI score0.00259EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.14 views

WordPress eewee admin custom Plugin <= 1.8.2.4 is vulnerable to Cross Site Scripting (XSS)

Software eewee admin custom Type Plugin Vulnerable versions = 1.8.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4886c0ef8c81 Credits João Pedro S Alcântara Kinort...

7.1CVSS6.9AI score0.00259EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/06/27 7:15 p.m.14 views

CVE-2017-20098

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...

4.8CVSS0.00493EPSS
Exploits1References2
Prion
Prion
added 2022/06/27 7:15 p.m.11 views

Cross site scripting

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...

3.5CVSS4.9AI score0.00493EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/27 6:11 p.m.6 views

CVE-2017-20098 Admin Custom Login Plugin Persistent cross site scripting

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...

3.5CVSS6.4AI score0.00493EPSS
Exploits1References2
CVE
CVE
added 2022/06/27 6:11 p.m.47 views

CVE-2017-20098

CVE-2017-20098 affects the WordPress Admin Custom Login Plugin version 2.4.5.2. The issue is described as a manipulation of an unknown function that leads to basic persistent cross-site scripting (XSS). The vulnerability is reported as exploitable remotely. Several connected sources (Red Hat, CNV...

4.8CVSS4.4AI score0.00493EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/27 6:11 p.m.16 views

CVE-2017-20098 Admin Custom Login Plugin Persistent cross site scripting

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...

3.5CVSS5AI score0.00493EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.6 views

WordPress plugin Admin Custom Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.3AI score0.00493EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/17 12:0 a.m.5 views

Slims9 Bulian 跨站脚本漏洞

Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A cross-site scripting vulnerability exists in Slims9 Bulian version 9.4.2, which...

4.8CVSS4.9AI score0.00486EPSS
Exploits1References2
OSV
OSV
added 2021/08/02 9:15 p.m.6 views

CVE-2021-34628

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...

8.8CVSS7.3AI score0.007EPSS
Exploits2References2
NVD
NVD
added 2021/08/02 9:15 p.m.18 views

CVE-2021-34628

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...

8.8CVSS0.007EPSS
Exploits2References2
Prion
Prion
added 2021/08/02 9:15 p.m.19 views

Cross site request forgery (csrf)

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...

6.8CVSS8.5AI score0.007EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/08/02 8:39 p.m.67 views

CVE-2021-34628

The CVE-2021-34628 issue affects the WordPress Admin Custom Login plugin up to version 3.2.7. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by the loginbgSave action in login-form-background.php, which can lead to stored Cross-Site Scripting (XSS) by injecting arbitrary scripts. ...

8.8CVSS8.6AI score0.007EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.7 views

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin admin-custom-login, which stems from the fact that the Admin Custom Login WordPress plugin is susceptible to cross-site request forgery attacks due to the loginbgSave found...

8.8CVSS7.6AI score0.007EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2021/07/28 12:0 a.m.27 views

Admin Custom Login < 3.2.8 - CSRF to Stored XSS

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. PoC...

6.8CVSS3.9AI score0.007EPSS
Exploits2References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/23 12:0 a.m.6 views

The vulnerability of the app/admin/custom-fields/filter-result.php web application for managing IP addresses in phpipam allows a violator to execute arbitrary SQL queries.

The vulnerability of the app/admin/custom-fields/filter-result.php web application for managing IP addresses in phpipam relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

10CVSS7.6AI score0.10318EPSS
Exploits6References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/23 12:0 a.m.6 views

The vulnerability of the app/admin/custom-fields/edit.php web application for managing IP addresses in phpipam allows a hacker to execute arbitrary SQL queries.

The vulnerability of the “app/admin/custom-fields/edit.php” web application for managing IP addresses in phpipam relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

10CVSS7.6AI score0.01881EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2019/09/22 3:15 p.m.14 views

Sql injection

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...

7.5CVSS9.8AI score0.01881EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/09/22 3:15 p.m.15 views

Sql injection

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...

7.5CVSS9.8AI score0.04338EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder