SQL injection
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-1778
CVE-2024-1778 affects the WordPress plugin “Admin side data storage for Contact Form 7.” The vulnerability is due to a missing capability check in the zt_dcfcf_change_bookmark() function, enabling unauthenticated actors to modify bookmark statuses in all versions up to 1.1.1. Multiple connected s...
The vulnerability of the log management function of the email audit platform MailSherlock allows a perpetrator to execute arbitrary commands.
The vulnerability in the log management function of the MailSherlock email audit platform is caused by missing input sanitization at the administrative level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
The vulnerability of the XWiki platform for creating collaborative web applications lies in the lack of protection for administrative data. This allows attackers to disclose information about users’ email addresses.
The vulnerability of the XWiki Platform lies in the lack of protection for user data. Exploiting this vulnerability could allow a malicious actor to obtain information about users’ email addresses remotely...
CVE-2024-1246
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
CVE-2023-5644
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...
PT-2023-32233 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3
Description: The issue arises from incorrect authorization of REST API endpoints in the WP Mail Log WordPress plugin, allowing users with the Contributor role to view and delete data that...
EverShop Security Breach
EverShop is an open source NodeJS e-commerce platform. A security vulnerability exists in EverShop versions prior to v1.0.0-rc.5. A remote attacker can exploit this vulnerability to obtain sensitive information from the admin panel via a specially crafted script...
CVE-2023-35800
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...
Stormshield Endpoint Security security vulnerability
Stormshield Endpoint Security is a product line of enhanced workstation and server security from the French company Stormshield. A security vulnerability exists in Stormshield Endpoint Security Evolution versions 2.0.0 through 2.3.2, which stems from an ACL entry on the SES Evolution agent...
The vulnerability in the GLPI request and incident handling system, caused by improper neutralization of input during web page generation, allows attackers to carry out cross-site scripting attacks.
The vulnerability in the GLPI request and incident handling system is caused by insufficient sanitization of user-supplied data in the administration panel. Attackers can inject arbitrary HTML and scripts that execute in a user's browser in the context of the vulnerable website. Exploiting this...
WordPress plugin Admin side data storage for Contact Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-1431
The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location /wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/...
Cross site scripting
A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...
CVE-2015-10080 NREL api-umbrella-web Admin Data Table cross site scripting
A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...
API Umbrella Web cross-site scripting vulnerability
API Umbrella Web is an open source library from National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue with an unknown portion of the component Admin Data Table Handler that can lead to a cross-site scripting...
CVE-2022-25625
A malicious unauthorized PAM user can access the administration configuration data and change the values...
GHSA-2RR8-9C6G-8J5C Missing Authorization in Crafter CMS
In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data...
CVE-2022-0837
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling the Amelia SMS service, allowing any customer to send paid test SMS notifications as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...