6 matches found
Cross site scripting
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...
CVE-2021-25878
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...
CVE-2021-25876
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...
CVE-2020-15175 Unauthenticated File Deletion in GLPI
In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”...
WordPress Huge IT Portfolio Gallery 2.0.77 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin ------------------------------------------------------------------------ Antonis Manaras, July 2016...
WordPress Count Per Day 3.5.4 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Count per Day WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016 -----------------------------------------------------------------------...