5078 matches found

NVD
added 2023/01/03 2:15 p.m., 24 views

CVE-2022-4663

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...

6.1 CVSS, 5.4 AI score, 0.00653 EPSS
Exploits: 1, References: 3

Prion
added 2023/01/03 2:15 p.m., 21 views

Cross site scripting

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...

5.8 CVSS, 5.9 AI score, 0.00653 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/01/03 1:56 p.m., 27 views

CVE-2022-4663 Members Import <= 1.4.2 - Self Cross-Site Scripting

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...

5.5 CVSS, 6.1 AI score, 0.00653 EPSS
Exploits: 1, References: 2

CNNVD
added 2023/01/03 12:00 a.m., 2 views

WordPress Plugin Members Import Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1 CVSS, 6 AI score, 0.00653 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2023/01/03 12:00 a.m., 5 views

PT-2023-14971 · WordPress · Members Import

Name of the Vulnerable Software and Affected Versions: Members Import plugin for WordPress versions up to, and including, 1.4.2 Description: The issue is related to Self Cross-Site Scripting via the user login parameter in an imported CSV file due to insufficient input sanitization and output...

6.1 CVSS, 6 AI score, 0.00653 EPSS
Exploits: 1, References: 7

WPVulnDB
added 2023/01/03 12:00 a.m., 23 views

Members Import <= 1.4.2 - XSS via Imported CSV

The plugin does not sanitise and escape imported CSV, which could allow attackers to perform Cross-Site Scripting attacks if they can make an admin import a malicious CSV file...

6.1 CVSS, 4.2 AI score, 0.00653 EPSS
Exploits: 1, Affected Software: 1

NVD
added 2023/01/01 8:15 a.m., 26 views

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...

6.3 CVSS, 6.5 AI score, 0.00549 EPSS
Exploits: 1, References: 2

OSV
added 2023/01/01 8:15 a.m., 22 views

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...

6.3 CVSS, 7.2 AI score
Exploits: 0, References: 2

Prion
added 2023/01/01 8:15 a.m., 22 views

Input validation

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...

6.8 CVSS, 6.5 AI score, 0.00549 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2023/01/01 12:00 a.m., 4 views

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...

6.6 AI score, 0.00549 EPSS
Exploits: 1, References: 2

Cvelist
added 2023/01/01 12:00 a.m., 27 views

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...

6.7 AI score, 0.00549 EPSS
Exploits: 1, References: 2

CVE
added 2023/01/01 12:00 a.m., 64 views

CVE-2022-37786

CVE-2022-37786 corresponds to a WeCube Platform 3.2.2 vulnerability with multiple CSV injection flaws on specific UI pages (Home/Admin/Resources, Home/Admin/System Params, Home/Design/Basekey Configuration). The issue is described across multiple sources (NVD/NVD-derived, Red Hat CVE page, OSV, e...

6.3 CVSS, 6.5 AI score, 0.00549 EPSS
Exploits: 1, References: 2, Affected Software: 1

BDU FSTEC
added 2022/12/24 12:00 a.m., 4 views

The CSV import function in JSM Insight’s data processing center for Atlassian Jira Server and Data Center is vulnerable, allowing attackers to perform SSRF attacks.

The vulnerability of the CSV import function in JSM Insight, a data processing tool for Atlassian Jira Server and Data Center, is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...

6.8 CVSS, 6 AI score, 0.00581 EPSS
Exploits: 0, References: 4, Affected Software: 2

Kitploit
added 2022/12/23 11:30 a.m., 50 views

S3Crets_Scanner - Hunting For Secrets Uploaded To Public S3 Buckets

S3cret Scanner is a tool designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets in public S3 buckets. Can be executed as a scheduled task or On-Demand. Automation workflow: The automation will perform the following actions: 1. List the public...

7.1 AI score
Exploits: 0, References: 2

GithubExploit
added 2022/12/16 4:16 p.m., 548 views

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 Cacti Blind Remote Code Execution Pre-Auth...

9.8 CVSS, 10 AI score, 0.99826 EPSS
Exploits: 48

WPVulnDB
added 2022/12/15 12:00 a.m., 11 views

WP CSV to Database <= 2.6 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

7.5 CVSS, 7.4 AI score, 0.00246 EPSS
Exploits: 0, Affected Software: 1

WPVulnDB
added 2022/12/15 12:00 a.m., 9 views

WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import

The plugin does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. PoC Create a .txt file and the below line there: $ echo "" Make a logged in admin import the...

6.1 CVSS, 1 AI score, 0.00251 EPSS
Exploits: 2, Affected Software: 1

wpexploit
added 2022/12/15 12:00 a.m., 87 views

WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import

The plugin does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. Create a .txt file and the below line there: $ echo "alert/XSS/" Make a logged in admin impo...

6.1 CVSS, 6.3 AI score, 0.00251 EPSS
Exploits: 2

Kitploit
added 2022/12/14 11:30 a.m., 28 views

FarsightAD - PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise

FarsightAD is a PowerShell script that aims to help uncover eventual persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication...

7 AI score
Exploits: 0, References: 9

NVD
added 2022/12/12 6:15 p.m., 17 views

CVE-2022-3605

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability...

7.8 CVSS, 0.0041 EPSS
Exploits: 1, References: 1