EUVD-2021-25675

Malware in sbrugna...

PT-2024-28813 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms. The vulnerability can be exploited via the "/admin/serverFile deal.php" endpoint, specifically when the mudi parameter is set to "upFileDel" an...

CVE-2024-40334

idccms v1.35 contains a Cross-Site Request Forgery (CSRF) vulnerability affecting the endpoint /admin/serverFile_deal.php?mudi=upFileDel&dataID=3. The issue stems from CSRF in the admin file-deletion flow, with CVSS 3.1 base metrics indicating HIGH impact on confidentiality, integrity, and availa...

CVE-2024-35010

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/bannerdeal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6...

CVE-2021-39314

The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

CVE-2021-39314

The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

Cross site scripting

The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

CVE-2021-39314 WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting

The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

CVE-2021-39314 WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting

The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.WooCommerce EnvioPack plugin is a WordPress open source application plugin.The WordPress WooCommerce EnvioPack plugin h...