Lucene search
K

204 matches found

Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.4 views

PT-2024-34761 · Duogeek · Duogeek Custom Admin Menu

Name of the Vulnerable Software and Affected Versions: DuoGeek Custom Admin Menu versions n/a through 1.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in DuoGeek Custom Admin...

6.5CVSS5.7AI score0.00238EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.3 views

WordPress plugin Custom Admin Menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS5.9AI score0.00238EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/31 3:1 p.m.3 views

WordPress Custom Admin Menu plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Custom Admin Menu versions = 1.0.0...

6.5CVSS6.1AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/31 12:0 a.m.9 views

WordPress Custom Admin Menu Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom Admin Menu Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51618 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbf3ecaf90b5 Credits SOPROBRO Required privilege Contributo...

6.5CVSS6.5AI score0.00238EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.28 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

0.00684EPSS
Exploits1References2
OSV
OSV
added 2024/07/31 12:15 a.m.3 views

CVE-2024-7277

A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be...

7.2CVSS5.5AI score0.00541EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.5 views

itsourcecode Alton Management System 代码问题漏洞

itsourcecode Alton Management System is an online restaurant management system from itsourcecode. A code issue vulnerability exists in version 1.0 of itsourcecode Alton Management System, which stems from an unrestricted file upload vulnerability in the image function of the /admin/menu.php of th...

7.2CVSS5.3AI score0.00541EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.24 views

Super Page Cache for Cloudflare < 4.7.6 - Cross-Site Request Forgery

Description The Super Page Cache for Cloudflare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.5. This is due to missing or incorrect nonce validation on the adminmenupageindex function. This makes it possible for unauthenticated attackers t...

7.1CVSS6.6AI score0.00186EPSS
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2024/03/18 12:0 a.m.178 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress in the Admin menu...

5.7AI score0.0071EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/03/10 12:0 a.m.5 views

PT-2024-19930 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: A problematic issue was found in the software, affecting an unknown function of the file /admin/menu/toEdit. The manipulation of the id argument leads to cross-site request forgery. It is possible to...

6.5CVSS4.9AI score0.00299EPSS
Exploits0References7
NVD
NVD
added 2024/02/21 7:15 a.m.12 views

CVE-2024-24876

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

8.8CVSS4.6AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2024/02/21 7:15 a.m.3 views

CVE-2024-24876

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

8.8CVSS7.3AI score0.00214EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 7:15 a.m.11 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

4.3CVSS7.5AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/21 6:54 a.m.22 views

CVE-2024-24876 WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

4.3CVSS5AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 6:54 a.m.27 views

CVE-2024-24876 WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

4.3CVSS7AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2024/02/21 6:54 a.m.80 views

CVE-2024-24876

CVE-2024-24876 is a CSRF vulnerability in the WordPress plugin Admin Menu Editor affecting versions

8.8CVSS6.3AI score0.00214EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.3 views

WordPress Plugin Admin Menu Editor Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS6.7AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.7 views

PT-2024-20632 · Unknown · Admin Menu Editor

Name of the Vulnerable Software and Affected Versions: Admin Menu Editor versions 1.12 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Admin Menu Editor. This allows an attacker to perform unintended actions on the victim's behalf. Recommendations: For versions 1.12 a...

8.8CVSS5.5AI score0.00214EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/02/05 12:0 a.m.9 views

WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software Admin Menu Editor Type Plugin Vulnerable versions = 1.12 Fixed in 1.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24876 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 49e5e1a0e68c Credits Dhabaleshwar Das...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/30 9:15 p.m.4 views

CVE-2023-43713

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser...

5.4CVSS5.9AI score0.00431EPSS
Exploits1References2
Rows per page
Query Builder