28 matches found
Wordpress Plugin Edit Comments SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. Wordpress Plugin Edit Comments suffers from a SQL...
Edit Comments <= 0.3 - Reflected Cross-Site Scripting
The plugin does not sanitise, validate or escape the jaleditcomments GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue PoC Post a comment on a page, then open https://example.com//?jaleditcomments=?jaleditcomments="...
WordPress Edit Comments plugin <= 0.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Edit Comments plugin versions = 0.3. Solution This plugin has been closed as of June 2, 2021 and is not available for download. Reason: Security Issue...
CVE-2020-10504
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...
Cross site request forgery (csrf)
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...
Nextcloud: Reflected Self-XSS Vulnerability in the Comment section of Files Information
Vulnerability Found In the test domain: demo.nextcloud.com Vulnerability Type : Reflected XSS STEPS TO REPRODUCE: STEP 1: Login to demo nextcloud server site using test credentials.demo.nextcloud.com STEP 2: On the All Files Tab ,Select Any File. STEP 3: A tab opens on the Right Hand side of the...
CVE-2013-2122
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors...
DEBIAN-CVE-2004-1559
Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...