177 matches found
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-71165
Summary: Typesetter CMS
CVE-2025-54990
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin...
CVE-2025-54990
CVE-2025-54990 affects XWiki AdminTools prior to version 1.1. The issue is that AdminTools.SpammedPages could be accessed by users without admin rights; while non-admin users reportedly could not see data, the page itself remained accessible due to insufficient permissions on the AdminTools space...
CVE-2025-54990 XWiki AdminTools application doesn't set permissions on the AdminTools space
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin...
EUVD-2025-198063
XWiki AdminTools application doesn't set permissions on the AdminTools space...
XWiki AdminTools application doesn't set permissions on the AdminTools space
Impact Users without admin rights have access to AdminTools.SpammedPages. Details View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. Workarounds Set the view rights for the AdminTools space to ...
Admin Tools Application 安全漏洞
Admin Tools Application is an advanced administration tool for XWiki open-sourced by the XWiki Foundation. A security vulnerability exists in versions of Admin Tools Application prior to 1.1, which stems from improper access control and could lead to non-administrative users accessing...
CVE-2025-11372
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...
Vvveb SQL注入漏洞
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A SQL injection vulnerability exists in Vvveb 1.0.7.3 and earlier versions, which stems from a SQL injection vulnerability in the Import function of the Raw SQL Handler...
EUVD-2025-34972
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...
CVE-2025-11372
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...
CVE-2025-11372
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...
CVE-2025-11372 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...
CVE-2025-11372 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...
CVE-2025-11372
CVE-2025-11372 affects the LearnPress – WordPress LMS Plugin (WordPress) up to and including version 4.2.9.3. The root cause is missing capability checks on Admin Tools REST endpoints, with permission_callback set to __return_true, enabling unauthenticated attackers to perform destructive databas...
VulnCheck KEV: CVE-2025-11372
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...
EUVD-2017-1486
Malware in sbrugna...