18 matches found
CVE-2020-37227
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...
CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...
CVE-2020-37227
HS Brand Logo Slider 2.1 (a WordPress plugin) has an unrestricted file upload vulnerability. Authenticated users can bypass client-side extension checks by targeting the logoupload parameter in the admin interface and renaming uploaded files to executable extensions such as .php, enabling remote co...
CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...
WordPress plugin HS Brand Logo Slider Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
GHSA-3P6C-9XHM-8X7H October CMS XSS
October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
October CMS XSS
October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
WordPress Plugin HS Brand Logo Slider 'logoupload' File Upload Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A file upload vulnerability exists in the WordPress plugin HS Brand Logo Slider 'logoupload...
WordPress Helios Solutions Brand Logo Slider plugin <= 2.1 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability found by Net-Hunter in WordPress Helios Solutions Brand Logo Slider plugin versions <= 2.1. Solution 2020-12-03 - we found only notification from wordpress.org plugin repository "This plugin has been closed as of October 21, 2020 and is not availab...
Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload
An authenticated user (admin+) can bypass the security check of the plugin and upload arbitrary files via the Brand Logo. PoC: The PoC will be displayed once the issue has been remediated...
WordPress HS Brand Logo Slider 2.1 Shell Upload
Exploit Title: WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload Date: 2020-10-20 Exploit Author: Net-Hunter Google Dork: N/A Software Link: https://ms.wordpress.org/plugins/hs-brand-logo-slider/ Vendor Homepage: https://www.heliossolutions.co/ Tested on: Linux Apache / Wordpre...
Cross-site Scripting (XSS)
October CMS is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the brand logo image name, allowing a malicious user to inject and execute arbitrary JavaScript...
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
CVE-2017-1000193
October CMS 412 is reported to be vulnerable to a stored XSS (WCI) via the brand logo image name, allowing injected JavaScript to execute in the victim’s browser. The root cause, as described in the connected materials, is a stored XSS flaw in the brand logo handling. The documents do not specify...
October CMS Cross-Site Scripting Vulnerability (CNVD-2017-37277)
OctoberCMS is a CMS system based on Laravel PHP development framework. A cross-site scripting vulnerability exists in the brand logo image name in October CMS build 412. An attacker can exploit this vulnerability to execute JavaScript code in the victim's browser...