6021 matches found
Cross site scripting
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is...
CVE-2021-24833 YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Preview Module
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to...
Improper Access Control in janeczku/calibre-web
Description: Although a user has no permissions for public shelves, he can create them. Proof of Concept: The method createshelf at shelf.py does not check if the user has public shelf permissions to create it. @shelf.route"/shelf/create", methods="GET", "POST" @loginrequired def createshelf:...
Copy your own portfolio to keep earning royalties
Handle jayjonah8 Vulnerability details Impact In NestedFactory.sol going through the create function which leads to the sendFeesWithRoyalties = addShares function, I'm not seeing any checks preventing someone from copying their own portfolio and receiving royalty shares for it and simply repeating...
JetBrains TeamCity Permission Check Insufficient Vulnerability
TeamCity, a Java-based build management and continuous integration server from JetBrains, is vulnerable to insufficient privilege checking in the "Create Patch" feature in versions prior to JetBrains TeamCity 2021.1.2. No details of the vulnerability are currently available...
libwebp: out-of-bounds read in WebPMuxCreateInternal
A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability...
CVE-2021-43199
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient...
Design/Logic Flaw
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient...
CVE-2021-43199
JetBrains TeamCity before 2021.1.2 is affected by insufficient permission checks in the Create Patch functionality. The issue (CVE-2021-43199) is documented across multiple sources, with remediation by upgrading to 2021.1.2 or later (as indicated by the JetBrains Q3 2021 security bulletin). Affec...
Jetbrains JetBrains TeamCity Security Vulnerability
TeamCity, a Java-based build management and continuous integration server from JetBrains, is vulnerable to insufficient privilege checking in the "Create Patch" feature in versions prior to JetBrains TeamCity 2021.1.2. No details of the vulnerability are currently available...
PT-2021-23172 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0; TensorFlow versions 2.6.1 and earlier; TensorFlow versions 2.5.2 and earlier; TensorFlow versions 2.4.4 and earlier. Description: In affected versions, if tf.summary.create_file_writer is called with non-scalar...
PT-2021-8225 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to errors in resource management within the ovl component of the Linux kernel, specifically in the ovl_create_real and ovl_mkdir_real functions. This can potential...
CVE-2021-36550
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module...
CVE-2021-36550
CVE-2021-36550 affects TikiWiki v21.4 and stems from a cross-site scripting (XSS) flaw in the tiki-browse_categories.php component. The issue enables an attacker to run arbitrary web scripts or HTML via a crafted payload in the Create category module. The reports cite an XSS susceptibility but do...
Folder Lock Cross-Site Scripting Vulnerability
Folder Lock is a perfect data security application from NewSoftwares, Inc. Folder Lock is vulnerable to a cross-site scripting vulnerability in v3.4.5, which stems from the "Create Folder" function under the "Create" module lacking a data validation filter for user-supplied data and output. An...
Tiki Wiki Cross-Site Scripting Vulnerability
Tiki Wiki is a Php-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4 that allows an attacker to execute arbitrary web script or HTML via a crafted payload under the Create Category module...
in marcoax/magutticms
Description RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code Proof of Concept // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...