5079 matches found

Cvelist
added 2021/11/08 5:35 p.m., 16 views

CVE-2021-24708 WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

5.1 AI score, 0.00598 EPSS
Exploits: 2, References: 1
CVE
added 2021/11/08 5:35 p.m., 51 views

CVE-2021-24708

The CVE-2021-24708 entry corresponds to the WordPress plugin “Export any WordPress data to XML/CSV” (pre-1.3.1) and describes a stored Cross-Site Scripting (XSS) vulnerability in the Manage Exports UI: the plugin does not escape the Export name before output, enabling high-privilege users to trig...

4.8 CVSS, 4.8 AI score, 0.00598 EPSS
Exploits: 2, References: 1, Affected Software: 1
Fedora
added 2021/11/08 1:15 a.m., 12 views

[SECURITY] Fedora 33 Update: rpki-client-7.4-1.fc33

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

7 AI score
Exploits: 0
Fedora
added 2021/11/08 1:12 a.m., 13 views

[SECURITY] Fedora 34 Update: rpki-client-7.4-1.fc34

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

7 AI score
Exploits: 0
CNVD
added 2021/11/04 12:00 a.m., 14 views

WordPress Connections Business Directory plugin CSV injection vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Connections Business Directory plugin version 9.7 previously had a CSV injection vulnerability, which stem...

8 CVSS, 2.8 AI score, 0.01207 EPSS
Exploits: 1, References: 1
NVD
added 2021/11/03 11:15 a.m., 12 views

CVE-2021-40848

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...

7.8 CVSS, 0.00958 EPSS
Exploits: 0, References: 2
OSV
added 2021/11/03 11:15 a.m., 14 views

CVE-2021-40848

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...

7.8 CVSS, 7.2 AI score
Exploits: 0, References: 2
Prion
added 2021/11/03 11:15 a.m., 16 views

Input validation

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...

6.8 CVSS, 7.7 AI score, 0.00958 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2021/11/03 10:11 a.m., 45 views

CVE-2021-40848

Summary: CVE-2021-40848 affects Mahara. Exports in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 may produce CSV files containing characters that a spreadsheet can interpret as commands, enabling execution of a malicious string locally on a device (CSV injection). Root cause: crafted conte...

7.8 CVSS, 7.9 AI score, 0.00958 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/11/03 10:11 a.m., 17 views

CVE-2021-40848

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...

8.6 AI score, 0.00958 EPSS
Exploits: 0, References: 2
CNNVD
added 2021/11/03 12:00 a.m., 7 views

Catalyst It Ltd Mahara Cms security vulnerability

Catalyst It Ltd Mahara Cms is a fully featured electronic portfolio, blog, resume builder and social networking system from Catalyst It Ltd in New Zealand. Used to connect users and create online communities. A security vulnerability exists in Catalyst It Ltd Mahara Cms that stems from an exporte...

7.8 CVSS, 7.5 AI score, 0.00958 EPSS
Exploits: 0, References: 2
NVD
added 2021/11/01 9:15 a.m., 12 views

CVE-2020-36503

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...

8 CVSS, 0.01207 EPSS
Exploits: 1, References: 2
OSV
added 2021/11/01 9:15 a.m., 10 views

CVE-2020-36503

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...

8 CVSS, 7 AI score
Exploits: 0, References: 2
Prion
added 2021/11/01 9:15 a.m., 14 views

Design/Logic Flaw

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...

6 CVSS, 7.9 AI score, 0.01207 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2021/11/01 8:45 a.m., 45 views

CVE-2020-36503

The CVE concerns the WordPress Connections Business Directory plugin prior to version 9.7, where some connection fields are not validated or sanitized, enabling CSV injection. The issue is documented as a CSV injection vulnerability with a high impact potential (CVSS v3.1: 8.0, HIGH; v2.0: 6.0, M...

8 CVSS, 8 AI score, 0.01207 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/11/01 8:45 a.m., 11 views

CVE-2020-36503 Connections Business Directory < 9.7 - Admin+ CSV Injection

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...

8 AI score, 0.01207 EPSS
Exploits: 1, References: 2
Kitploit
added 2021/10/31 11:30 a.m., 33 views

PeTeReport - An Open-Source Application Vulnerability Reporting Tool

PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts by simplifying the writing and generation of reports. Focused on product security, the tool helps security researchers and pentesters to provide detaile...

7.2 AI score
Exploits: 0, References: 8
NVD
added 2021/10/27 1:15 a.m., 13 views

CVE-2021-37131

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...

6.8 CVSS, 0.00561 EPSS
Exploits: 0, References: 1
Prion
added 2021/10/27 1:15 a.m., 15 views

Input validation

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...

6 CVSS, 6.6 AI score, 0.00561 EPSS
Exploits: 0, References: 1, Affected Software: 3
Cvelist
added 2021/10/27 12:29 a.m., 19 views

CVE-2021-37131

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...

6.7 AI score, 0.00561 EPSS
Exploits: 0, References: 1