TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability
CSRF Change Forward Power: ...
PT-2023-32222 · Tenable · Nessus Network Monitor
Name of the Vulnerable Software and Affected Versions: Nessus Network Monitor (affected versions not specified). Description: The issue arises from insufficient input validation in Nessus Network Monitor, potentially allowing an admin user to modify parameters and enable a blind SQL injection under...
Foreman: Arbitrary code execution through templates
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system...
CVE-2023-45906
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add...
Cross site request forgery (csrf)
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add...
PT-2023-29760 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3. Description: A Cross-Site Request Forgery (CSRF) issue was discovered in Dreamer CMS via the component /admin/user/add. This allows for unauthorized actions to be performed on behalf of an authenticated user...
Dreamer CMS Cross-Site Request Forgery Vulnerability
Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3. An attacker can exploit this vulnerability to conduct cross-site request forgery (CSRF) attacks via the component /admin/user/add...
CVE-2023-45906
Dreamer CMS 4.1.3 is affected by a CSRF in the /admin/user/add functionality. The root cause is a Cross-Site Request Forgery vulnerability that allows unauthorized actions to be performed on behalf of an authenticated user. The NVD entry confirms high impact (C/H/I/A) with CVSS 3.1 base score 8.8...
Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Visit the following URL as an admin user, with any valid ticket ID. Press the acce...
Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Visit the following URL as an admin user, with any valid ticket ID. Press the access k...
Gutenberg < 16.8.1 - Contributor+ Stored XSS
Description: The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the paragraph. 3...
Gutenberg < 16.8.1 - Contributor+ Stored XSS
Description: The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. PoC: 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the...
CVE-2023-27316
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
CVE-2023-27316 Privilege Escalation Vulnerability in SnapCenter
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
CVE-2023-27313
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user...
CVE-2023-27313 Privilege Escalation Vulnerability in SnapCenter
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user...
CVE-2023-43149
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status...