Cross-site scripting
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name...
Cross-site scripting
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...
CVE-2020-13868
The CVE-2020-13868 entry affects the Craft CMS Comments plugin prior to version 1.5.5, with a CSRF flaw that can compromise the integrity of comments. The connected sources confirm the vulnerability and link to a changelog entry noting the fixed version (1.5.5, dated 2020-05-28). No exploitation ...
CVE-2020-13868
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...
CVE-2020-13869
The CVE-2020-13869 issue affects the Craft CMS Comments plugin prior to version 1.5.6. It enables stored XSS via the guest name field, due to insufficient input sanitization (as corroborated by multiple sources). Impact: an attacker-supplied guest name can inject script that runs in a user's browser....
CVE-2020-13869
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name...
CVE-2020-13870
CVE-2020-13870 affects the Craft CMS Comments plugin prior to 1.5.5, with a stored XSS flaw via an asset volume name. Root cause: lack of input validation leading to stored XSS. Impact is dependent on affected Craft CMS deployments; remediation is to upgrade the Comments plugin to 1.5.5 or later....
CVE-2020-13870
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...
CVE-2017-18608
The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues...
CVE-2014-10382
The CVE-2014-10382 vulnerability affects the WordPress feature-comments plugin prior to version 1.2.5. It is a cross‑site request forgery (CSRF) flaw that allows an attacker to perform actions like featuring or burying comments by authenticated/unauthenticated users depending on the context descr...
Lapis Reviews plugin has xss vulnerability
Lai Bili Comments Plugin is a comment management plugin that uses social networking site accounts to log in, eliminating the registration process and increasing users' willingness to engage and communicate. An XSS vulnerability exists in the Lai Bili Comment Plugin, which can be exploited by attacker...
WordPress Subscribe To Comments Reloaded plugin cross-site request forgery vulnerability (CNVD-2018-06862)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it runs on PHP and MySQL servers to host a personal blog site. Subscribe To Comments Reloaded is a subscription management plugin for WordPress. A cross-site request...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disablecommentssettings page to wp-admin/options-general.php...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the...
CVE-2016-1000112
Unauthenticated remote .jpg file upload in the contus-video-comments v1.0 WordPress plugin...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php...
CVE-2014-4163
The CVE-2014-4163 entry documents a CSRF vulnerability in the WordPress Featured Comments plugin (version 1.2.1). The issue allows an attacker to hijack administrator-authenticated requests to wp-admin/admin-ajax.php to change a comment’s status (buried/featured). Affected software: Featured Comm...
Code injection
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI...
Flatpress 0.909.1 - Persistent Cross-Site Scripting
Title: FlatPress 0.909.1 Stored XSS. Vendor: http://www.flatpress.org. Dork: "powered by FlatPress". Author: ITSecTeam. Website: http://www.itsecteam.com. Forum: http://forum.ITSecTeam.com. Original Advisory:...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields...