23 matches found
Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting
The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.
id: CVE-2017-18493
info:
  name: Custom Admin Page by BestWebSoft 0.1.2 - Cross-Site Scripting
  author: luisfelipe146
  severity: medium
  description: |
    The custom-admin-page plugin before 0.1.2 for WordPress has multiple...
CVE-2026-7616 Zawgyi Embed <= 2.1.1 - Cross-Site Request Forgery via 'zawgyi_forceCSS' Parameter
The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyiadminpage function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-2145
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely...
CVE-2026-2145 cym1102 nginxWebUI Web Management check cross site scripting
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely...
PT-2026-6971
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions through 4.3.7. Description: A cross site scripting issue exists in cym1102 nginxWebUI. The issue is related to manipulation of the nginxDir argument within an unknown function of the file /adminPage/conf/check, part o...
EUVD-2018-20550
Malware in sbrugna...
CVE-2018-8942
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter...
CVE-2024-3740
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has...
CVE-2024-3738
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. T...
nginxWebUI Trust Management Issue Vulnerability
nginxWebUI is an nginx web configuration tool. A trust management issue vulnerability exists in nginxWebUI, which stems from improper certificate validation of the nginxPath parameter of the handlePath method of the /adminPage/conf/saveCmd file. An attacker could exploit this vulnerability to cau...
nginxWebUI Code Issue Vulnerability
nginxWebUI is an nginx web configuration tool. A code issue vulnerability exists in cym1102 nginxWebUI version 3.9.9, which stems from an unrestricted file upload in the upload method of the /adminPage/main/upload file...
nginxWebUI OS Command Injection Vulnerability
nginxWebUI is an nginx web configuration tool. An operating system command injection vulnerability exists in nginxWebUI, which stems from the file parameter of the /adminPage/main/upload file failing to properly filter constructed command special characters, commands, and so on. An attacker can...
Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=hfcm-list&'...
Design/Logic Flaw
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter...
CVE-2018-8942
CVE-2018-8942 affects Xiuno BBS 4.0.0 and is a cross-site scripting (XSS) vulnerability in the admin page, specifically the sitename parameter. The connected records consistently describe XSS in the admin sitename field; Red Hat, CNVD, and CVE listings corroborate the issue. The documents do not ...
CVE-2017-6556
CMS Made Simple (CMSMS) 2.1.6 is affected by a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary script/HTML via the adminpage > sitesetting > General Settings > globalmetadata field. The issue stems from inadequate input validation in th...
CMS-e-quota.net bypass adminpage Vulnerability
No description provided by source...
AlkalinePHP <= 0.77.35 (adduser.php) Arbitrary Add-Admin Vuln
No description provided by source. AlkalinePHP = 0.77.35 adduser.php Arbitrary Add-Admin. Discovered By:...