CVE-2023-1374

The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currencyname' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to...

CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name...

The vulnerability of the hotel reservation plugin Solidres in the WordPress content management system allows attackers to execute cross-site scripting attacks.

The vulnerability of the hotel reservation plugin Solidres in the WordPress content management system exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks using the currencyname parameter...

CVE-2023-1374

The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currencyname' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to...

CVE-2023-1374

The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currencyname' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to...

WordPress Plugin Solidres 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name...

CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name...

PT-2022-17176 · Zoho · Zoho Manageengine Servicedesk Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 13001 Description: The issue allows anyone to determine the organisation's default currency name. Recommendations: For versions prior to 13001, update to version 13001 or later to resolve t...

Cross-site Scripting (XSS)

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to missing sanitization in AdminCurrencyController. PoC Login as manager/administrator, then go to Localisation Currencies. When adding or editing...