46 matches found
CVE-2022-37338 WordPress Blossom Recipe Maker plugin <= 1.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerabilities in Blossom Recipe Maker plugin = 1.0.7 at WordPress...
CVE-2021-41002
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch...
CVE-2021-36919 WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Reflected Cross-Site Scripting XSS vulnerabilities in WordPress Awesome Support plugin versions = 6.0.6, vulnerable parameters &id, &assignee...
Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities
Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file. By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it. PoC Diretory Trasversal: POST /wordpress/wp-admin/admin-ajax.php...
Open redirect
An issue was discovered in Kabona AB WebDatorCentral WDC application prior to Version 3.4.0. This non-validated redirect/non-validated forward OPEN REDIRECT allows chaining with authenticated vulnerabilities...
CVE-2016-8376
An issue was discovered in Kabona AB WebDatorCentral WDC application prior to Version 3.4.0. This non-validated redirect/non-validated forward OPEN REDIRECT allows chaining with authenticated vulnerabilities...