48 matches found
CVE-2025-48239 WordPress Product Notes Tab & Private Admin Notes for WooCommerce plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce product-notes-for-woocommerce allows Stored XSS. This issue affects Product Notes Tab & Private Admin Notes for WooCommerce: from n/...
PT-2024-33668 · Librenms · Librenms +1
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0
Description: The application fails to properly sanitize user input, allowing an attacker to execute malicious JavaScript code. This issue occurs when a user with an Admin role adds Notes to a device and the...
CVE-2024-7945
CVE-2024-7945 affects itsourcecode Laravel Property Management System 1.0. The vulnerability is a cross-site scripting flaw in the Notes Page component, specifically the /admin/notes/create functionality, caused by unsafely handling the Note text argument. Attack is described as remote and public...
CVE-2024-7945 itsourcecode Laravel Property Management System Notes Page create cross site scripting
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation of the argument Note text leads to cross...
itsourcecode Laravel Property Management System cross-site scripting vulnerability
Laravel Property Management System is an itsourcecode open source property management system. A cross-site scripting vulnerability exists in version 1.0 of itsourcecode Laravel Property Management System, which originates from a cross-site scripting vulnerability in the Note text parameter of the...
CVE-2023-6633
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
PT-2024-11923 · WordPress · Print Invoice & Delivery Notes
Name of the Vulnerable Software and Affected Versions: The Print Invoice & Delivery Notes for WooCommerce WordPress plugin versions prior to 4.7.2
Description: The issue is caused by a reflected XSS vulnerability, which occurs when a GET value is echoed in an admin note within the WooCommerce...
Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
Description: The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks.
PoC: Have an administrator open the following HTML file:...
WordPress Super Notes – create Admin Notes with ease Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Super Notes – create Admin Notes with ease
Type: Plugin
Vulnerable versions: <= 1.2.1
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-33999
Patch priority: Medium
CVSS severity: Medium 7.1
PSID: 2252dccf311e
Credits: Rafie...
CVE-2022-2762
The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack...
Cross site request forgery (csrf)
The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack...
CVE-2022-0211
The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0211 Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting
The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PoC: Put the following payload as an Admin Note Shield Security Tools Admin Notes:...
QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. As a contributor, create/edit a "QR Redirect" and set the following fields: "URL to Redirect to": https://example.com/"...
CVE-2018-19750
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields...
MyBB Admin Notes plugin cross-site request forgery vulnerability
MyBB, a.k.a. MyBulletinBoard, is a free, web-based forum software developed by the MyBB team using PHP and MySQL. Admin Notes is one of its admin notes plugins. A cross-site request forgery vulnerability exists in versions of MyBB Admin Notes plugin prior to version 1.1. A remote attacker...
Cross site request forgery (csrf)
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table aka Clear Table action...
CVE-2018-11092
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table aka Clear Table action...