143 matches found
CVE-2022-0161
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0161 ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0161
The CVE-2022-0161 issue affects the WordPress plugin ARI Fancy Lightbox prior to version 1.3.9. The root cause is failure to sanitize and escape the msg parameter when rendering it on an admin page, which enables a Reflected Cross-Site Scripting (XSS) vulnerability. Affected product: ARI Fancy Li...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. cross-site scripting vulnerability exists in versions of the WordPress ARI Fancy Lightbox plugin prior to 1.3.9, which stems from a...
WordPress ARI Stream Quiz plugin <= 1.2.26 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress ARI Stream Quiz plugin versions = 1.2.26. Solution Update the WordPress ARI Stream Quiz plugin to the latest available version at least 1.2.27...
ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...
WordPress ARI Fancy Lightbox plugin <= 1.3.8 - Reflected Cross-Site Scripting (XSS) vulnerabilities
Reflected Cross-Site Scripting XSS vulnerabilities discovered by Krzysztof Zając in WordPress ARI Fancy Lightbox plugin versions = 1.3.8. Solution Update the WordPress ARI Fancy Lightbox plugin to the latest available version at least 1.3.9...
ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox&msg=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...
CVE-2020-19156
Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...
CVE-2020-19156
Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...
CVE-2020-19156
Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...
CVE-2020-19156
CVE-2020-19156 affects Ari Adminer v1 (WordPress plugin). An XSS flaw in the Add New Connections -> save() path via the Title parameter allows remote input handling that could lead to code execution. Root cause: insufficient input sanitization in the vulnerable component. Impact stated as XSS ...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi mwifiex driver, which a local user could use to cause...
ARI Quiz Component SQL Injection Vulnerability in Joomla!
Joomla! is a Content Management System CMS. A SQL injection vulnerability exists in the ARI Quiz component of Joomla! An attacker can trick the server into executing malicious SQL commands by inserting SQL commands into the query string of a web form submission or input domain or page request...
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Joomla ARI Quiz 3.7.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: email protected Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Joomla ARI Quiz 3.7.4 SQL Injection
Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...