1339 matches found
MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)
CSRF in the mapsvgsave AJAX method...
CVE-2018-20368
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...
Cross site scripting
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...
advancedcustomfields.com XSS vulnerability
Open Bug Bounty ID: OBB-707391 Description| Value ---|--- Affected Website:| advancedcustomfields.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
WordPress WP GDPR Compliance Plugin Privilege Escalation
The Wordpress GDPR Compliance plugin 'WordPress WP GDPR Compliance Plugin Privilege Escalation', 'Description' = %q The Wordpress GDPR Compliance plugin = v1.4.2 allows unauthenticated users to set wordpress administration options by overwriting values within the database. The vulnerability is...
Cross site request forgery (csrf)
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...
CVE-2018-19332
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...
Surreal ToDo 0.6.1.2 - SQL Injection
Surreal ToDo 0.6.1.2 - SQL Injection Exploit Title: Surreal ToDo 0.6.1.2 - SQL Injection Dork: N/A Date: 2018-11-08 Exploit Author: Ihsan Sencan Vendor Homepage: http://getsurreal.com/surrealtodo Software Link:...
CVE-2018-18717
An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=XSS URI...
Cross site scripting
An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=XSS URI...
CVE-2018-18717
CVE-2018-18717 affects Eleanor CMS up to 2015-03-19. It is an XSS vulnerability exploitable through the AJAX endpoint ajax.php?direct=admin&file=autocomplete&query=[XSS] where the attacker-controlled query is reflected in the response. NVD lists CVSSv2 base 3.5 (LOW) and CVSSv3 base 4.8 (MEDIUM)....
Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)
Cross-Site Scripting XSS vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. PoC http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id;=1=%3Cimg%20src=x%20onerror=alert1%3E...
ClipBucket 2.8 - id SQL Injection
ClipBucket 2.8 - id SQL Injection Exploit Title: ClipBucket 2.8 - 'id' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://clipbucket.com/ Software Link: https://sourceforge.net/projects/clipbucket/files/latest/download Version: 2.8.v3354 Category: Webapp...
ClipBucket 2.8 - 'id' SQL Injection
Exploit Title: ClipBucket 2.8 - 'id' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://clipbucket.com/ Software Link: https://sourceforge.net/projects/clipbucket/files/latest/download Version: 2.8.v3354 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
CVE-2018-18373
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sbajaxaddmessage action...
CVE-2018-18373
CVE-2018-18373 concerns the Schiocco “Support Board – Chat And Help Desk” WordPress plugin (version 1.2.3). The stored XSS occurs in file upload areas within the Chat and Help Desk sections via the msg parameter in the /wp-admin/admin-ajax.php sb_ajax_add_message action. Multiple connected source...
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: https://schiocco.com/ Software Link : https://board.support/ Software : Support Board - Chat And...
CVE-2018-18084
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...
Sql injection
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...
CVE-2018-18084
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...