CVE-2022-45816
Auth. Stored Cross-Site Scripting XSS vulnerability in GD bbPress Attachments plugin ≤ 4.3.1 on WordPress...
CVE-2022-45816
CVE-2022-45816 affects the WordPress plugin GD bbPress Attachments (versions ≤ 4.3.1). The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of settings, enabling elevated-privilege users (e.g., admins) to inject XSS. Public refe...
WordPress plugin GD bbPress Attachments cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugins are application plugins. A cross-site scripting...
Redmine security vulnerability
Redmine is a set of open source web-based project management and defect tracking tools. The product provides features such as project management, issue tracking and role-based access control. A security vulnerability exists in Redmine 5.x before version 5.0.4, which stems fr...
PT-2022-27647 · WordPress · Gd Bbpress Attachments
Name of the Vulnerable Software and Affected Versions: GD bbPress Attachments plugin versions ≤ 4.3.1 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into the website,...
CVE-2022-44030
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
GD bbPress Attachments < 4.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2021-43258
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart and compose an email. Uploading an attachment for the email stores...
PT-2022-11808 · Unknown · Churchinfo
Name of the Vulnerable Software and Affected Versions: ChurchInfo version 1.3.0 Description: The issue allows attackers to achieve remote code execution through insecure uploads in the ChurchInfo application. This requires authenticated access to the application. Once authenticated, a user can...
CVE-2022-43708
MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability (issue 2 of 2) in the post Attachments interface that allows attackers to inject HTML by persuading a user to upload a file with a specially crafted name...
Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week,...
PT-2022-27014 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.31 Description: The issue allows attackers to inject HTML by persuading the user to upload a file with a specially crafted name, exploiting cross-site scripting XSS vulnerabilities in the post Attachments interface...
CVE-2022-43708
CVE-2022-43708 affects MyBB 1.8.31. The issue is a cross-site scripting vulnerability in the post Attachments interface that lets an attacker inject HTML by tricking a user into uploading a file with a specially crafted name. Root cause noted as insufficient input filtering/escaping for attachmen...
CVE-2022-4055
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...
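The CVE-2022-4055 entry above turns on a mailto handler forwarding URL fields it should not. The following is an added example (not xdg-utils, xdg-mail or Thunderbird code) of the check a handler should make before turning a mailto: URL into compose options: percent-decode the URL, keep only header names on an allowlist, and refuse any decoded value that still contains a line break. The allowlist (to, cc, bcc, subject, body) is this example's choice in the spirit of RFC 2368 section 4, which tells a user agent to build the message from only a safe subset of the URL's headers; the sample URLs, including the reply-to header, are constructed for the demonstration and do not come from any advisory.

```python
"""Allowlist-based mailto: URL parser (added example, not project code)."""
from __future__ import annotations

from urllib.parse import unquote

# Header names this example forwards to the mail client. RFC 2368 section 4
# advises using only a safe subset of the headers found in the URL; which
# names make up that subset is an assumption of this example.
SAFE_HEADERS = frozenset({"to", "cc", "bcc", "subject", "body"})


def parse_mailto(url: str) -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Split a mailto: URL into (accepted, rejected) header dicts.

    Keys are lower-cased header names; values are the percent-decoded strings
    in the order they appeared. '+' is kept literally (unlike form decoding)
    because it is meaningful in mailbox local parts such as user+tag@example.org.
    """
    scheme, sep, rest = url.partition(":")
    if not sep or scheme.lower() != "mailto":
        raise ValueError("not a mailto: URL")
    addr_part, _, query = rest.partition("?")
    accepted: dict[str, list[str]] = {}
    rejected: dict[str, list[str]] = {}
    if addr_part:
        # The part before '?' is the primary recipient list.
        accepted.setdefault("to", []).append(unquote(addr_part))
    for field in query.split("&"):
        if not field:
            continue
        name, _, value = field.partition("=")
        name = unquote(name).strip().lower()
        value = unquote(value)
        target = accepted if name in SAFE_HEADERS else rejected
        target.setdefault(name, []).append(value)
    return accepted, rejected


def safe_value(value: str) -> bool:
    """A decoded value must not contain CR or LF; otherwise it could smuggle a
    second header past a client that joins header fields with line breaks."""
    return "\r" not in value and "\n" not in value


def compose_fields(url: str) -> dict[str, str]:
    """Return the fields a handler may hand to the mail client, or raise.

    Headers outside the allowlist are dropped rather than forwarded, and an
    accepted value containing a line break aborts the whole message instead
    of being 'cleaned' in place.
    """
    accepted, _rejected = parse_mailto(url)
    fields: dict[str, str] = {}
    for name, values in accepted.items():
        if not all(safe_value(v) for v in values):
            raise ValueError(f"line break in {name} header")
        # Recipient headers may repeat; join them with commas as a client would.
        # For subject/body the last occurrence wins.
        fields[name] = ", ".join(values) if name in ("to", "cc", "bcc") else values[-1]
    return fields


# Constructed sample URLs for the demonstration; not taken from any advisory.
SAMPLE_OK = "mailto:alice@example.org?subject=Hello%20there&body=See%20you%20soon"
SAMPLE_EXTRA = "mailto:alice@example.org?subject=Invoice&reply-to=eve@example.net"
SAMPLE_CRLF = "mailto:alice@example.org?subject=Hi%0D%0ABcc:%20eve@example.net"

if __name__ == "__main__":
    print("forwarded:", compose_fields(SAMPLE_OK))
    acc, rej = parse_mailto(SAMPLE_EXTRA)
    print("forwarded:", acc, "dropped:", rej)
    try:
        compose_fields(SAMPLE_CRLF)
    except ValueError as err:
        print("refused:", err)
```

The design choice worth noting is that `compose_fields` refuses a message with a smuggled line break rather than stripping the offending characters: silently repairing attacker-controlled input is how "looks safe to the user" URLs end up doing something else once decoded.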