27 matches found
CVE-2024-11273 Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...
CVE-2025-2078 BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
CVE-2024-13326
CVE-2024-13326 affects the iBuildApp WordPress plugin (versions up to 0.2.0). The issue is a reflected cross-site scripting (XSS) caused by insufficient sanitization/escaping of a parameter before echoing it to the page, enabling an attacker to trick high-privilege users (e.g., admins) into execu...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.8 Images Update
New images are available for Red Hat build of Keycloak 26.0.8 and Red Hat build of Keycloak 26.0.8 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...
JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...
SUSE-SU-2021:3562-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: spacewalk-admin: - Version 4.1.10-1 Fix setup with rhn-config-satellite bsc1190300 Allow admins to modify only spacewalk config files with rhn-config-satellite.pl bsc1190040 CVE-2021-40348 How to apply this update: 1. Log in as root user to the SUSE Manager...
CVE-2006-1353
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the downloadid parameter in downloadclick.asp and 2 contentID parameter in news/NewsItem.asp; authenticated administrators can also conduct attacks via 3 userid...