3 matches found
CVE-2024-52701
A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
CVE-2025-4526
CVE-2025-4526 affects Dígitro NGC Explorer 3.44.15, specifically the Configuration Page. The issue is that the password field is not masked, exposing passwords in the UI. The vulnerability can be initiated remotely, per multiple sources, with vendor contact noted but no response. Impact is descri...
CVE-2023-1604 Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...