125 matches found
PT-2024-39907 · 10Web · The Photo Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.30 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization a...
PT-2024-5213 · Hewlett Packard · Hpe Aruba Networking Edgeconnect Sd-Wan Orchestrator
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN Orchestrator affected versions not specified Description: The issue exists due to inadequate protection of the web page structure in the web-based management interface. This allows a remote attacker to...
PT-2023-31775 · WordPress · Forminator
Name of the Vulnerable Software and Affected Versions: Forminator WordPress plugin versions prior to 1.27.0 Description: The issue arises from improper sanitization of the redirect-url field in form submission settings. This could allow high-privilege users, such as administrators, to inject...
CVE-2023-36619
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users...
Design/Logic Flaw
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users...
Security Bulletin:IBM TRIRIGA Application Platform discloses cross-site scripting (CVE-2022-24620)
Summary CVE-2022-24620 Piwigo is vulnerable to cross-site scipting Vulnerability Details IBM X-Force ID: 87544 DESCRIPTION: Piwigo is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin.php script. A remote attacker could exploit this vulnerabilit...
Pluck 跨站脚本漏洞
Pluck is a content management system CMS developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev4, which originates from a cross-site scripting XSS vulnerability in file /admin.php. An attacker can exploit the vulnerability by uploading a...
Pimcore 路径遍历漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A path traversal vulnerability exists in Pimco...
WordPress plugin Five Star Restaurant Reservations 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A vulnerability exists in t...
EC-CUBE 跨站脚本漏洞
EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE versions 4.0.0 through 4.1.2, which stems from a DOM-based cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary script on the...
Digital Watchdog DW MEGApixel IP cameras 操作系统命令注入漏洞
Digital Watchdog DW MEGApixel IP cameras is a series of webcam solutions from Digital Watchdog USA. An operating system command injection vulnerability exists in Digital Watchdog DW MEGApixel IP cameras version A7.2.220211029, which originates from a command injection contained in the component...
CVE-2022-2148
The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-31352
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manageservice.php?id=...
CVE-2022-28420
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=...
CVE-2022-28009
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendancedelete.php...
CVE-2021-31835
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized...
CVE-2021-39334
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjbexpin and the psjbcurrin parameters found in the /job-settings.php file which allowed attackers with administrative user access to inject arbitrary...
EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
Overview EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. ActiveFusions Co., Ltd. reported this...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploting this vulnerability has been observed in the wild...
BigBlueButton Greenlight Cross-Site Scripting Vulnerability
BigBlueButton is BigBlueButton community of a set of open source Web conferencing system . A cross-site scripting vulnerability exists in BigBlueButton Greenlight version 2.7.6, which stems from a cross-site scripting XSS vulnerability in the "merge account" function of admin .js. No details of t...