5078 matches found
CVE-2020-36756
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...
CVE-2021-4422
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...
Cross site request forgery (csrf)
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...
CVE-2021-4422 POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...
CVE-2020-36756 10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery Bypass
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...
WordPress Plugin 10WebAnalytics Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-28958
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782...
Input validation
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782...
CVE-2023-28958 IBM Watson Knowledge Catalog CSV injection
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782...
CVE-2023-28958
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is vulnerable to CSV Injection due to improper validation of CSV contents. A remote attacker could potentially execute arbitrary commands on the system. This CVE entry cites IBM X-Force ID 251782. No explicit remediation or affected version d...
Basic Inventory Stock Management And Invoicing 2.0 Insecure Direct Object Reference
Title: Basic Inventory - Stock Management and Invoicing v2.0 Missing Authorization Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js fast-csv modules denial of service vulnerability (CVE-2020-26256)
Summary: Potential Node.js fast-csv modules denial of service vulnerability CVE-2020-26256 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2020-26256 DESCRIPTION: Node.js fast-csv...
CVE-2023-3493
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3...
Input validation
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3...
CVE-2023-3493 Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3...
CVE-2023-3493
Summary: CVE-2023-3493 affects Fossbilling’s fossbilling/fossbilling prior to 0.5.3, caused by improper neutralization of formula elements in CSV exports (CSV injection). Affected software: fossbilling/fossbilling (GitHub) before version 0.5.3; affected artifact is the CSV export/handling functio...