WordPress 跨站脚本漏洞

WordPress is a set of blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress YOP Poll Plugin, which stems from a lack of...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Plugin YOP Poll, which stems from the...

dgyzgx.com Cross Site Scripting vulnerability OBB-2162764

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-21941

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution...

CVE-2021-34766

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the Syst...

Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)

Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting XSS Date: 2021-10-03 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...

in cortezaproject/corteza-server

Set up the cortezaproject in your local machine. Steps: -------- 1. Create the account on corteza 2. Login using same credentails from chrome and firefox. 3. Change user password from chrome. 4. Perform any activity in Firefox the session is still valid. Mitigation: --------------- After changing...

CVE-2021-41847

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...

Cross-Site Request Forgery (CSRF) in collectiveaccess/pawtucket2

Description The following endpoints are vulnerable to CSRF attacks via GET requests even though they use AJAX: 1: Delete lightbox 2: Delete comments 3: Create comments 4: Create comments on objects 5: Add items into lightbox 6: Delete items from lightbox Proof of Concept Copy and paste the...

DRUPAL-CONTRIB-2021-035

This module provides a powerful interface for managing a taxonomy vocabulary. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed. The module does not take the correct user permissions into account, allowing a...

Taxonomy Manager - Moderately critical - Access bypass - SA-CONTRIB-2021-035

This module provides a powerful interface for managing a taxonomy vocabulary. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed. The module does not take the correct user permissions into account, allowing a...

CVE-2021-24605

The createpostpage AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue...

ROS-2-1265

2.1265 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...

ROS-2-460

2.460 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...

ROS-2-1235

2.1235 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...

CVE-2021-24513

Affected software: WordPress Form Builder plugin (pre-1.9.8.4). Vulnerability: Authenticated stored XSS via unsanitized/unsted Form Title. Root cause: Form Title not sanitized/escaped, enabling injection by privileged users (e.g., admin). Impact: Client-side script execution in admin context; aff...

@breautek/storm (>=2.0.0 <=3.0.0-rc.0), create-react-solution (>=1.2.0 <=4.4.1) +2 more potentially affected by CVE-2021-23421 via merge-change (>=1.5.3 <=1.8.1)

merge-change NPM version =1.5.3, =2.0.0, =1.2.0, =1.5.0, =4.0.0, =4.4.1 Source cves: CVE-2021-23421 Source advisory: OSV:GHSA-F9CV-665R-275H...

Solarwinds Orion Platform跨站脚本漏洞

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, as well as support for customized web interfaces, multiple user comments, and map-based views of the entire...

MySQL User-Defined (Linux) x32 / x86_64 - (sys_exec) Local Privilege Escalation Exploit (2)

Exploit Title: MySQL User-Defined Linux x32 / x8664 - 'sysexec' Local Privilege Escalation 2 Exploit Author: ninpwn Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux x8664 using...

CVE-2020-18467

Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...