15 matches found
Cross-site Scripting (XSS)
EasyAdmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient restrictions on uploaded file types and serving uploaded files inline from the public web root, which allows an attacker to upload malicious HTML or SVG files that execute JavaScript in an administrator'...
EUVD-2023-38079
Malicious code in bioql PyPI...
CVE-2023-33929
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Joaquín Ruiz Easy Admin Menu plugin = 1.3 versions...
Easy Admin Menu <= 1.3 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-33929
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Joaquín Ruiz Easy Admin Menu plugin = 1.3 versions...
CVE-2023-33929
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Joaquín Ruiz Easy Admin Menu plugin = 1.3 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Joaquín Ruiz Easy Admin Menu plugin = 1.3 versions...
CVE-2023-33929
CVE-2023-33929 : A stored Cross-Site Scripting (XSS) vulnerability exists in the WordPress plugin Easy Admin Menu by Joaquín Ruiz, affecting versions 1.3 or apply vendor-provided mitigation if available. If upgrading is not possible, monitor for updates from the plugin vendor and affected sites.
WordPress plugin easy-admin-menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Easy Admin Menu Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33929 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d28d5c2d98dc Credits Rio Darmawan Required...
smbind <= 0.4.7 - SQL Injection Vulnerability
No description provided by source. smbind = v.0.4.7 Sql Injection Site: https://sourceforge.net/projects/smbind/files/ Reported on 28/08/2010 Author: IHTeam Buggy code: ifisset$POST'username' && isset$POST'password' if!filteralphanum, $POST'username' or !filteralphanum, $POST'password' dieUsernam...
smbind 0.4.7 - SQL Injection
smbind query"SELECT ID FROM users WHERE username = '" . $SESSION'username' ."' AND password = '" . md5$SESSION'password' . " ' "; Easy admin login Enter in username field: admin'; Enter in password field: anything Sql query will result like this: SELECT ID FROM users WHERE username = 'admin'; ' A...
smbind 0.4.7 - SQL Injection
smbind 0.4.7 - SQL Injection smbind query"SELECT ID FROM users WHERE username = '" . $SESSION'username' ."' AND password = '" . md5$SESSION'password' . " ' "; Easy admin login Enter in username field: admin'; Enter in password field: anything Sql query will result like this: SELECT ID FROM users...
smbind <= v.0.4.7 Sql Injection Vulnerability
Exploit for php platform in category web applications ============================================= smbind query"SELECT ID FROM users WHERE username = '" . $SESSION'username' ."' AND password = '" . md5$SESSION'password' . " ' "; Easy admin login Enter in username field: admin'; Enter in password...
SMBind 0.4.7 SQL Injection
smbind query"SELECT ID FROM users WHERE username = '" . $SESSION'username' ."' AND password = '" . md5$SESSION'password' . " ' "; Easy admin login Enter in username field: admin'; Enter in password field: anything Sql query will result like this: SELECT ID FROM users WHERE username = 'admin'; ' A...