240 matches found
WordPress plugin Advanced Admin Search cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Advanced Admin Search plugin, which stems fr...
PT-2022-13310 · WordPress · Advanced Admin Search
Name of the Vulnerable Software and Affected Versions: Advanced Admin Search WordPress plugin versions prior to 1.1.6 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitized and escaped before being outputted back...
CVE-2022-1556
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection...
WordPress plugin StaffList SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A SQL injection vulnerability exists in versions of the WordPress StaffList plugin prior to 3.1.5, which...
WordPress Advanced Admin Search plugin <= 1.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Advanced Admin Search plugin versions <= 1.1.5. Solution: Update the WordPress Advanced Admin Search plugin to the latest available version (at least 1.1.6)...
Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. Affected parameters: keyword, user, metaKey, and metaValue https://example.com/wp-admin/admin.php?page=advanced-admin-search&keyword="...
CVE-2021-25197
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to contentmanagementsystem\admin\newcontent.php...
CVE-2020-36412
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...
CVE-2020-10584
A directory traversal on the /admin/searchby.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
S-cart Cross-Site Scripting Vulnerability
S-cart is a PHP-based e-commerce management platform from the S-cart community. A cross-site scripting vulnerability exists in s-cart core before version 4.4, which stems from a lack of detection of client-side input in the search function of the admin dashboard in...
CVE-2020-10453
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2020-13525)
CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in CMS Made Simple 2.2.11, which can be exploited to conduct cross-site scripting attacks via the Admin Module Manager Search Term...
EyesOfNetwork web interface 'term' parameter SQL injection vulnerability
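EyesOfNetwork (EON) is an open source, free IT monitoring solution. The solution provides business process configuration tools, generating pop-up windows when events occur in the active queue, etc. EyesOfNetwork web interface (aka eonweb) is one of the web interfaces. A SQL injection vulnerability...
ImageCMS SQL injection vulnerability
CVE ID: CVE-2012-6290 ImageCMS is a content management system. ImageCMS has a cross-site request forgery vulnerability that allows remote attackers to construct a malicious URI and trick a user into opening it, so that malicious actions are performed in the context of the target user. Because the "q" HTTP GET parameter passed to "/admin/adminsearch/" is not properly filtered, an attacker can exploit the vulnerability to execute arbitrary SQL code in the application database. ImageCMS 4.0.0b. ImageCMS 4.2 has fixed this vulnerability; users are advised to download the update: http://forum.imagecms.net/viewtopic.php?id=1436...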
CVE-2008-2766
Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp...
CVE-2008-2768
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields")...
CVE-2008-2764
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields")...
CVE-2007-0363
Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...