66 matches found
EUVD-2022-29464
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
org.opencms, opencms-core is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper handling of the author parameter under the Create/Modify article function, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload...
GHSA-VQ95-6X79-QV8J Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
Alkacon OpenCMS 安全漏洞
Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from improper handling of the author parameter and could lead to a stored cross-site scripting attack...
The vulnerability of the HUSKY plugin – Products Filter Professional for WooCommerce (formerly WOOF) of the WordPress content management system – relates to the failure to protect the SQL query structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the HUSKY plugin – Products Filter Professional for WooCommerce previously WOOF of the WordPress content management system – is related to the lack of protection for the SQL query structure when processing the woofauthor parameter. Exploiting this vulnerability allows an...
PT-2024-5249
Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to a time-based SQL Injection vulnerability via the woof author parameter. This vulnerability is...
CVE-2024-0855
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...
ThinuTech ThinuCMS 跨站脚本漏洞
ThinuTech ThinuCMS is a fast and secure PHP blogging system from ThinuTech. A cross-site scripting vulnerability exists in ThinuTech ThinuCMS version 1.5, which stems from the parameter author in the file /authorposts.php that causes cross-site scripting...
PT-2023-25214 · Thinutech · Thinucms
Name of the Vulnerable Software and Affected Versions: ThinuTech ThinuCMS version 1.5 Description: A vulnerability has been found in an unknown functionality of the file /author posts.php. The manipulation of the argument author with the input g6g12alert1o8sdm leads to cross site scripting. The...
Stored XSS via blog author parameter on admin.php?p=config
Description The blog author parameter is unsanitized on the page admin.php?p=config. In this way is possible to inject arbitrary javascript code Proof of Concept - Login as regular user - Go to http://localhost/flatpress/admin.php?p=config - Set as blog author "alertdocument.domain - Refresh page...
Simple Online Book Store System 跨站脚本漏洞
Simple Online Book Store System is a simple online bookstore system by Carlo Montero, an individual developer. A security vulnerability in the Title, Author, and Description parameters of the adminbook.php file in Simple Online Book Store System version 1.0 can be exploited to cause cross-site...
PT-2022-24074 · Unknown · Simple Online Book Store System
Name of the Vulnerable Software and Affected Versions: Simple Online Book Store System version 1.0 Description: The issue concerns Cross Site Scripting XSS in the /admin book.php file, where the Title, Author, and Description parameters are vulnerable. This allows for potential malicious script...
CVE-2022-2939
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
CVE-2022-2939
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
PT-2022-19570 · WordPress · Wp Cerber Security
Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including 9.0 Description: The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass, making user enumeration possible. This is due to improper validati...
CVE-2022-38812
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...
CVE-2022-38812
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...
CVE-2022-38812
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...
Sql injection
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...
CVE-2022-38812
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...