6611 matches found
Exploit for Command Injection in Sophos Web_Appliance
Dork fofa title="Sophos Web Appliance" || app="Sophos-W...
CVE-2023-23892
CVE-2023-23892 affects the WordPress plugin “M Chart” by Jamie Poitra. Versions 1.9.4, specifically 1.10, to mitigate. Reported impact is confined to XSS with a Moderate CVSS baseline in public sources, and there is no explicit public exploitation detail in the provided documents. Recommend appl...
CVE-2022-48477
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...
Design/Logic Flaw
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...
CVE-2022-48477
JetBrains Hub prior to 2023.1.15725 contains a missing SSRF protection in the Auth Module integration. This affects JetBrains Hub versions before 2023.1.15725. Remediation: update to 2023.1.15725 or later (or apply restrictions to Auth Module access as a temporary workaround). The connected sourc...
PT-2023-15810 · Jetbrains · Jetbrains Hub
Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2023.1.15725 Description: The issue concerns a missing Server-Side Request Forgery SSRF protection in the Auth Module integration. This could potentially allow for unauthorized access or actions. No information...
Cross site scripting
Auth. contributor+ Cross-Site Scripting XSS vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin = 1.9 versions...
CVE-2023-23816
CVE-2023-23816 is an authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Sitemap Index prior to version 1.2.3. Public sources consistently describe the issue as XSS that requires administrator privileges to exploit, affecting the plugin’s sitemap index handling...
CVE-2023-23817
CVE-2023-23817 details an XSS vulnerability in the WordPress Simple PDF Viewer (WebArea) Vera Nedvyzhenko plugin, affected versions 1.9 where available; monitor vendor advisories for a confirmed fixed release.
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions...
CVE-2023-23717
CVE-2023-23717 affects the WordPress plugin Portfolio Slideshow (George Gecewicz) up to version 1.13.0. It is a Cross-Site Scripting (XSS) vulnerability that can be triggered by users with contributor+ privileges; exploitation details are not provided in the documents, but Patchstack lists a low ...
CVE-2022-44743 WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS)
Auth. author+ Stored Cross-Site Scripting XSS vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions...
CVE-2022-45361 WordPress 0mk Shortener Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions...
CVE-2022-45361
CVE-2022-45361 affects the WordPress plugin 0mk Shortener up to version 0.2. The root cause is inadequate sanitisation/escaping of settings, enabling an authenticated admin+ to perform a Stored XSS, even when unfiltered_html is disallowed. Impact is described as admin-level XSS with low confident...
CVE-2023-24386
The CVE refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Karishma Arora AI Contact Us Form” versions <= 1.0. The issue is described as Auth. (admin+) XSS, indicating that authenticated users with admin-level privileges can exploit it. The root cause document...
CVE-2023-22698
CVE-2023-22698 affects WordPress Theme Blvd Responsive Google Maps Plugin (versions
CVE-2022-44594
Codebangers All in One Time Clock Lite plugin for WordPress is affected by a Stored XSS vulnerability in versions prior to 1.3.321 (the CVE-2022-44594 family). Exploitation concerns admin users (administrative privilege level). Mitigation: upgrade to version 1.3.321 or later to fix the issue. If ...
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Exploit
!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 ExploitAuthor: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...