2672 matches found
AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Image URL button setting, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Add the following payload in the Universal Button Image URL setting: `" onerror=alert(/XSS/) "`. The XSS...
The vulnerability of the `cp_plugins_do_button_job_later_callback` function in the Tree Sitemap WordPress plugin allows a hacker to execute arbitrary code.
The vulnerability in the `cp_plugins_do_button_job_later_callback` function of the Tree Sitemap WordPress plugin is an authentication-process error. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
NetSetMan Pro Authorization Issue Vulnerability
NetSetMan Pro is the commercial version of NetSetMan's Network Setup Manager software, which lets users switch easily between pre-configured network profiles. An authorization issue vulnerability exists in NetSetMan Pro; it stems from an unauthenticated attacker being able to open an Administrator shell and...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), apis-ampel (=0.1.0) +44 more potentially affected by CVE-2021-31542 via django (>=3.2.0 <=3.2.0rc1)
django PYPI version =3.2.0, =1.0.1a0, =0.2.0, =0.14.0, =0.13.0, =0.8.0, =0.9.16 and more Source cves: CVE-2021-31542 Source advisory: OSV:GHSA-RXJP-MFM9-W4WR...
CVE-2021-24188
Low-privileged users can use the AJAX action `cp_plugins_do_button_job_later_callback` in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5 to install any plugin, including a specific version, from the WordPress repository, as well as to activate arbitrary plugins on the blog,...
com.vaadin:flow (>=1.0.0 <=1.0.13), com.vaadin:flow-client (>=1.0.0 <=1.0.13) +30 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=1.0.0 <=1.0.13)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.17 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...
WordPress Like Button Rating Code Issue Vulnerability
WordPress Like Button Rating is an open source WordPress plugin that adds a fully customizable "Cool"/"Like" button. A security vulnerability exists in WordPress Like Button Rating 2.6.32 that exposes it to unauthenticated full-read server-side request forgery (SSRF) attacks...
CVE-2021-29249
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability...
Design/Logic Flaw
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability...
CVE-2021-29249
CVE-2021-29249 affects BTCPay Server prior to 1.0.6.0: a privacy-oriented information disclosure when the payment button is used. Per NVD the issue has a partial confidentiality impact, with a CVSS 2.0 score of 5.0 and a CVSS 3.1 score of 7.5. A fix is available in version 1.0.6.0; upgr...
BTCPay Server Security Vulnerability
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. An information disclosure vulnerability exists in BTCPay Server versions prior to 1.0.6.0 that stems from a privacy vulnerability when using the payment button. No details of t...
Reverse-Shell-Generator - Hosted Reverse Shell Generator With A Ton Of Functionality
Hosted Reverse Shell generator with a ton of functionality -- great for CTFs Hosted Instance https://revshells.com Features Generate common listeners and reverse shells Automatically copy to clipboard Button to increment the listening port number by 1 URI and Base64 encoding LocalStorage to persi...
Cross-site Scripting (XSS) - Generic in blackcatdevelopment/blackcatcms
Description: 'Display name' Cross Site Scripting (XSS). Proof of Concept: 1. To exploit this vulnerability an attacker has to log in to the admin panel and click on the admin profile button, then enter the XSS payload `" onmouseover=alert(1) "` in the Display name field and click on the Save button. 2...
MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Vulnerability
Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin adds a feedback...
MyBB OUGC Feedback 1.8.22 Cross Site Scripting
Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Date: 1/30/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin...
Textpattern CMS 4.8.4 Cross Site Scripting
Exploit Title: Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.8.4 Tested on: Windows Steps-To-Reproduce: 1. Login into...
jenkins: Stored XSS vulnerability in button labels
A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability, due to button labels not being properly escaped, allows an attacker who can control button labels to inject arbitrary script. The highest threat from this vulnerability is to data confidentiality and integrity...
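Both the AddToAny Image URL finding above (a settings value dropped into an HTML attribute) and the Jenkins button-label finding (a label dropped into HTML text) are the same root cause: a stored value is interpolated into markup without escaping for the context it lands in. The following is an added example, not code from any of the listed projects, showing the vulnerable pattern beside a hardened renderer. The renderer, the payloads and the checker are constructed for illustration; the scheme allowlist stands in for what WordPress's esc_url() does for URLs, and the escaping functions mirror the context-aware escaping the advisories say was missing.

```javascript
// Added example: stored XSS from unescaped attribute/text values, and the fix.

// Escape for an HTML text-node context (button labels, display names).
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Escape for a double-quoted attribute context. The same character set is
// sufficient as long as the attribute value is always emitted inside quotes.
const escapeAttr = escapeHtml;

// Only accept http(s) image URLs; javascript:, data: and friends are dropped.
// (Constructed stand-in for a URL sanitizer such as WordPress esc_url().)
function sanitizeImageUrl(s) {
  const v = String(s).trim();
  return /^https?:\/\//i.test(v) ? v : "";
}

// Vulnerable renderer: raw string interpolation, the pattern behind both advisories.
function renderButtonUnsafe(imageUrl, label) {
  return `<button><img src="${imageUrl}">${label}</button>`;
}

// Hardened renderer: scheme check, attribute escaping, text escaping.
function renderButtonSafe(imageUrl, label) {
  const src = escapeAttr(sanitizeImageUrl(imageUrl));
  return `<button><img src="${src}">${escapeHtml(label)}</button>`;
}

// Attribute names of one start tag, honouring quoted values so that text
// inside a properly quoted attribute is not mistaken for a new attribute.
function attributeNames(tagHtml) {
  const body = tagHtml.replace(/^<[a-zA-Z]+/, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(body)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Every on* event-handler attribute that appears on any tag in the markup.
function injectedHandlers(html) {
  const tags = html.match(/<[a-zA-Z]+[^>]*>/g) || [];
  return tags.flatMap(attributeNames).filter((n) => n.startsWith("on"));
}

// Constructed payloads: one breaks out of the src attribute (passes a naive
// "starts with https" check), the other injects a tag through the label.
const PAYLOAD_URL = 'https://example.com/x.png" onerror=alert(/XSS/) "';
const PAYLOAD_LABEL = "<img src=x onerror=alert(1)>";

// Returns the handler attributes each renderer lets through for the payloads.
function compareRenderers() {
  return {
    unsafe: injectedHandlers(renderButtonUnsafe(PAYLOAD_URL, PAYLOAD_LABEL)),
    safe: injectedHandlers(renderButtonSafe(PAYLOAD_URL, PAYLOAD_LABEL)),
  };
}

console.log(compareRenderers());
```

Note that a scheme check alone is not enough: the URL payload starts with `https://` and still carries an `onerror` handler, which is why the hardened renderer escapes the value after sanitizing it. The checker is deliberately a small attribute tokenizer rather than a substring search for `onerror`, because the escaped-but-present text `&quot; onerror=...` inside a quoted attribute is harmless and must not be reported.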