15 matches found
EUVD-2026-31044
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
EUVD-2020-5677
Malware in sbrugna...
EUVD-2008-3192
Malware in sbrugna...
CVE-2024-29832
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No...
CVE-2020-13423
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Currenturl or email field, or the User-Agent HTTP header...
CVE-2024-29832 WordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No...
CVE-2020-13423
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Currenturl or email field, or the User-Agent HTTP header...
Cross site scripting
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Currenturl or email field, or the User-Agent HTTP header...
CVE-2020-13423
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Currenturl or email field, or the User-Agent HTTP header...
Cross-Site Scripting (XSS)
anchorcms/anchor-cms is susceptible to cross-site scripting XSS attacks. The attacks exist because it does not sanitize the raw current URL before returning it from currenturl function...
WordPress Recommend-a-friend plugin - raf_form.php file current_url parameter - cross-site scripting vulnerability
No description provided by source...
Recommend a friend 2.0.2 - inc/raf_form.php current_url Parameter Reflected XSS
The Recommend to a friend WordPress plugin was affected by an inc/raf_form.php current_url Parameter Reflected XSS security vulnerability...
CVE-2013-7276
The CVE-2013-7276 entry concerns the WordPress plugin “Recommend to a friend” (plugin version 2.0.2) with a reflected XSS in inc/raf_form.php via the current_url parameter. The underlying cause is that user-supplied current_url is reflected, allowing remote attackers to inject arbitrary script/HT...