Lucene search
K

28 matches found

CNNVD
CNNVD
added 2021/08/23 12:0 a.m.5 views

Wordpress Plugin Edit Comments SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. Wordpress Plugin Edit Comments suffers from a SQL...

9.8CVSS8.5AI score0.01911EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/07/24 12:0 a.m.7 views

Edit Comments <= 0.3 - Reflected Cross-Site Scripting

The plugin does not sanitise, validate or escape the jaleditcomments GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue PoC Post a comment on a page, then open https://example.com//?jaleditcomments=?jaleditcomments="...

0.2AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2021/07/24 12:0 a.m.96 views

WordPress Edit Comments plugin <= 0.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Edit Comments plugin versions = 0.3. Solution This plugin has been closed as of June 2, 2021 and is not available for download. Reason: Security Issue...

9.8CVSS3.5AI score0.01911EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2020/03/12 2:15 p.m.4 views

CVE-2020-10504

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...

4.3CVSS5.8AI score0.00485EPSS
Exploits1References2
Prion
Prion
added 2020/03/12 2:15 p.m.21 views

Cross site request forgery (csrf)

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...

4.3CVSS4.6AI score0.00485EPSS
Exploits1References2Affected Software1
Hacker One
Hacker One
added 2016/08/28 5:18 p.m.11 views

Nextcloud: Reflected Self-XSS Vulnerability in the Comment section of Files Information

Vulnerability Found In the test domain: demo.nextcloud.com Vulnerability Type : Reflected XSS STEPS TO REPRODUCE: STEP 1: Login to demo nextcloud server site using test credentials.demo.nextcloud.com STEP 2: On the All Files Tab ,Select Any File. STEP 3: A tab opens on the Right Hand side of the...

0.8AI score
Exploits0
NVD
NVD
added 2013/07/16 6:55 p.m.22 views

CVE-2013-2122

The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors...

5CVSS6.4AI score0.01556EPSS
Exploits0References8
OSV
OSV
added 2004/12/31 5:0 a.m.2 views

DEBIAN-CVE-2004-1559

Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...

4.3CVSS6AI score0.06465EPSS
Exploits1References1
Rows per page
Query Builder