
4 matches found

Hacker One
added 2023/04/06 12:41 a.m., 3 views

GitLab: HTML injection possible with soft email confirmations when Administrator manually confirms attacker email address

The vulnerability allowed an attacker to include an HTML payload in their email address. If an administrator manually confirmed the attacker's unconfirmed email address, the HTML payload was rendered within the context of the self-hosted GitLab instance...

6.6 AI score
Exploits: 0

NVD
added 2020/01/06 7:15 p.m., 27 views

CVE-2015-4039

Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...

5.4 CVSS, 5.2 AI score, 0.02793 EPSS
Exploits: 2, References: 4

Prion
added 2020/01/06 7:15 p.m., 22 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...

3.5 CVSS, 5.6 AI score, 0.08311 EPSS
Exploits: 5, References: 4, Affected Software: 1

securityvulns
added 2015/06/08 12:0 a.m., 63 views

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]

Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin Stored XSS Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4039...

5.2 AI score, 0.02793 EPSS
Exploits: 2