4 matches found
GitLab: HTML injection possible with soft email confirmations when Administrator manually confirms attacker email address
The vulnerability allowed an attacker to include an HTML payload in their email address. If an administrator manually confirmed the attacker's unconfirmed email address, the HTML payload was rendered within the context of the self-hosted GitLab instance...
CVE-2015-4039
Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin Stored XSS Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4039...