
203 matches found

wpexploit
added 2020/08/10 12:0 a.m. · 15 views

Admin Menu <= 1.1 - Authenticated Cross-Site Scripting (XSS)

The Admin Menu WordPress plugin, versions 1.1 and below, was vulnerable to Authenticated Cross-Site Scripting (XSS) within the "role" GET parameter. http://www.example.com/wp-admin/admin.php?page=admin-menu-pro&role=alertString.fromCharCode88,83,83...

1.5 AI score
Exploits: 0 · References: 1
CVE
added 2020/04/26 4:6 p.m. · 90 views

CVE-2019-20789

Croogo is affected in versions before 3.0.7. The vulnerability is a Cross-Site Scripting (XSS) flaw triggered by crafting a malicious title that is submitted to admin/menus/menus or admin/taxonomy/vocabularies, with the impact being script execution when a user views the page. The root cause, as ...

4.8 CVSS · 4.8 AI score · 0.00733 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2019/08/28 12:15 p.m. · 19 views

CVE-2011-5329

The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562...

6.1 CVSS · 6 AI score · 0.00923 EPSS
Exploits: 0 · References: 1
Prion
added 2019/08/28 12:15 p.m. · 16 views

Code injection

The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562...

4.3 CVSS · 6 AI score · 0.02483 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2019/08/28 11:11 a.m. · 54 views

CVE-2011-5329

CVE-2011-5329 affects the WordPress redirection plugin prior to version 2.2.9 and describes an XSS in the admin menu (distinct from CVE-2011-4562). Connected Red Hat and NVD records corroborate the XSS in the same plugin family. The advisory does not provide additional exploitation details or pre...

6.1 CVSS · 5.9 AI score · 0.00923 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2019/07/23 12:0 a.m. · 4 views

PT-2019-9619 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the me link parameter, also known as the "Menu Link" parameter, in the adm/menu list update.php endpoint. This can be exploite...

6.1 CVSS · 6.5 AI score · 0.01518 EPSS
Exploits: 0 · References: 8
NVD
added 2019/01/29 6:29 p.m. · 21 views

CVE-2019-7169

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...

4.8 CVSS · 5 AI score · 0.0061 EPSS
Exploits: 1 · References: 1
Cvelist
added 2019/01/29 6:0 p.m. · 23 views

CVE-2019-7169

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...

5 AI score · 0.0061 EPSS
Exploits: 1 · References: 1
Prion
added 2018/10/29 12:29 p.m. · 8 views

Cross site scripting

An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMSMenu.php?lgid=1 during editing...

3.5 CVSS · 4.8 AI score · 0.00534 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Exploit DB
added 2018/01/10 12:0 a.m. · 30 views

WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation

Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...

7.4 AI score
Exploits: 0
Packet Storm
added 2018/01/08 12:0 a.m. · 28 views

WordPress Admin Menu Tree Page View 2.6.9 CSRF / Privilege Escalation

Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...

7.1 AI score
Exploits: 0
OSV
added 2017/03/07 4:59 p.m. · 4 views

CVE-2017-6509

Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php id parameter...

6.1 CVSS · 5.8 AI score · 0.00652 EPSS
Exploits: 1 · References: 1
Cvelist
added 2017/03/07 4:0 p.m. · 14 views

CVE-2017-6509

Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php id parameter...

6 AI score · 0.00652 EPSS
Exploits: 1 · References: 1
0day.today
added 2013/01/09 12:0 a.m. · 34 views

Wordpress admin-menu-editor plugin Full Path Disclosure vulnerability

Exploit for php platform in category web applications http://localhost/wp-content/plugins/admin-menu-editor/menu-editor.php Demo: http://jaguari.rs.gov.br/wp-content/plugins/admin-menu-editor/menu-editor.php http://eusoufan.com.br/wp-content/plugins/admin-menu-editor/menu-editor.php...

7.1 AI score
Exploits: 0
Atlassian
added 2011/01/03 4:39 p.m. · 16 views

Admin menu items displayed to non-admins when accessing "Global Templates" page

When accessing the "Global Templates" menu as a non-admin, the navigation controls for the administration panel are displayed. The links cannot be used without entering new credentials, but it would be more consistent to hide the links from non-admins, just as we hide "System Administrator" links...

1.6 AI score
Exploits: 0 · Affected Software: 1
Atlassian
added 2011/01/03 4:39 p.m. · 18 views

Admin menu items displayed to non-admins when accessing "Global Templates" page

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-21562. When accessing the "Global Templates" menu as a non-admin, the navigation controls for the administration panel are...

1.1 AI score
Exploits: 0 · Affected Software: 1
Packet Storm
added 2010/04/29 12:0 a.m. · 23 views

gpEasy 1.6.1 Cross Site Request Forgery

gpEasy Date : 04-29-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy Application Info Site : http://www.gpeasy.com/ Version: 1.6.1...

0.8 AI score
Exploits: 0
NVD
added 2009/07/05 4:30 p.m. · 19 views

CVE-2009-2330

Cross-site scripting (XSS) vulnerability in admin/adminmenu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter...

4.3 CVSS · 5.7 AI score · 0.02331 EPSS
Exploits: 0 · References: 2
Japan Vulnerability Notes
added 2009/03/13 7:25 a.m. · 1 views

MP Form Mail CGI vulnerability allows third party to gain administrative privileges

Overview MP Form Mail CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allow...

7.5 CVSS · 6.7 AI score · 0.017 EPSS
Exploits: 0 · References: 6
exploitpack
added 2008/03/31 12:0 a.m. · 11 views

PHP Classifieds 6.20 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities

PHP Classifieds 6.20 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities source: https://www.securityfocus.com/bid/28521/info PHP Classifieds is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An attacker may leverage these issu...

0.5 AI score
Exploits: 0