104 matches found
GHSA-XJWX-78X7-Q6JC TYPO3 vulnerable to an HTML Injection in the History Module
Problem The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. Solution Update to TYPO3...
relate 安全漏洞
RELATE is a web-based courseware package from the individual developer Andreas Klöckner. A security vulnerability exists in relate version v.2024.1, which stems from the presence of a server-side template injection SSTI vulnerability...
andreas-seier.eu Improper Access Control vulnerability OBB-3821121
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-49157
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1...
CVE-2023-49157
CVE-2023-49157 affects WordPress plugin Multiple Post Passwords (by Andreas Münch). The issue is an Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affected versions are
andreas-stohrer.de Improper Access Control vulnerability OBB-3777951
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
andreas-diehl.de Improper Access Control vulnerability OBB-3777949
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
andreas-waschburger.de Improper Access Control vulnerability OBB-3769253
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
andreas-menz.de Improper Access Control vulnerability OBB-3769250
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
andreas-malessa.de Improper Access Control vulnerability OBB-3769246
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
andreas-hermuehlen.de Improper Access Control vulnerability OBB-3769244
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-41654
Cross-Site Request Forgery CSRF vulnerability in Andreas Heigl authLdap plugin = 2.5.8 versions...
CVE-2023-41654 WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Andreas Heigl authLdap plugin = 2.5.8 versions...
CVE-2023-41654 WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Andreas Heigl authLdap plugin = 2.5.8 versions...
CVE-2023-41655
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Andreas Heigl authLdap plugin = 2.5.9 versions...
CVE-2023-41655
CVE-2023-41655 affects the WordPress plugin authLdap (by Andreas Heigl). Public records describe an Authenticated Stored Cross-Site Scripting (XSS) vulnerability exploitable by an Administrator (admin+) due to input handling in the plugin. Vulnerable versions are listed as
CVE-2023-41655 WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Andreas Heigl authLdap plugin = 2.5.9 versions...
CVE-2023-41655 WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Andreas Heigl authLdap plugin = 2.5.9 versions...
andreas-balkenhol.de Cross Site Scripting vulnerability OBB-3615452
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...