4 matches found
CVE-2021-47733
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...
CVE-2021-47733
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...
CVE-2021-47733 CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...
All In One Redirection < 2.2.0 - Admin+ SQLi
The plugin does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. When adding a redirection, sourceurlinsert is vulnerable with the payload: sourceurlinsert...