PT-2021-14497 · Grav · Grav Admin Plugin
Name of the Vulnerable Software and Affected Versions: Grav Admin Plugin versions 1.10.7 and earlier Description: The issue allows an unauthenticated user to execute certain methods of the administrator controller without credentials, resulting in arbitrary YAML file creation or modification. Thi...
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting
Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...
Grav CMS 1.6.30 Cross Site Scripting
Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting (XSS). A user with the ability to edit pages is able to inject and execute malicious code due to an insecure default security configuration when using the Admin plugin to edit pages...
SSRF when adding Jira server in admin plugin
Please be aware that Atlassian does not consider this issue to represent a security risk as the functionality is restricted to users with administrative rights. Issue Summary: When adding a Jira server in Bamboo under the "User directories" module, an attacker can put any value in the...
hexo-admin plugin for Node.js cross-site scripting vulnerability
hexo-admin plugin for Node.js is a backend administration plugin for use in Node.js. A cross-site scripting vulnerability exists in the Post editor feature in hexo-admin plugin for Node.js version 2.3.0 and earlier, which stems from the lack of proper validation of client-side data in a web...
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...
CVE-2019-17606
CVE-2019-17606: The hexo-admin plugin for Node.js (versions ≤ 2.3.0) is vulnerable to stored cross-site scripting via the content of a post in the Post editor. The root cause is lack of proper validation/escaping of user-supplied content, allowing an attacker to inject arbitrary JavaScript that ...
CVE-2017-18520
The democracy-poll plugin before 5.4 for WordPress has XSS via updatel10n in admin/class.DemAdminInit.php...
CVE-2018-20971
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan...
Cross-site request forgery (CSRF)
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan...
WordPress Absolutely Glamorous Custom Admin Plugin <= 6.4.1 Database Backup Arbitrary File Download Vulnerability
CVE-2018-11098
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/filemanager/upload URI, a similar issue to CVE-2014-4912...
Frog CMS File Upload Vulnerability
Frog CMS is a content management system (CMS) developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A security vulnerability exists in Frog CMS version 0.9.5. An attacker can exploit the vulnerability wit...
Church Admin < 1.2550 - CSRF
The Church Admin WordPress plugin was affected by a CSRF security vulnerability...
GravCMS Core 1.4.2 Cross Site Scripting
Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4.2 Tested on: Kali Linux 2.0 | Windows 8.1 Email:...
Piwigo Remote File Inclusion Vulnerability (CNVD-2017-00112)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options (categories, tags, time and more). A security vulnerability exists in the admin/plugin.php file in Piwigo 2.8.3 and earlier versions, which stems from the...
Piwigo Cross-Site Scripting Vulnerability (CNVD-2017-00119)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options (categories, tags, time and more). A cross-site scripting vulnerability exists in the admin/plugin.php file in Piwigo 2.8.3 and prior versions. A remote...