Lucene search
+L

53 matches found

wpexploit
wpexploit
added 2023/10/16 12:0 a.m.154 views

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Multiple parameters in the plugin's...

4.8CVSS5AI score0.00408EPSS
Exploits2
OSV
OSV
added 2023/07/18 3:15 a.m.5 views

CVE-2023-3714

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...

8.8CVSS7.3AI score0.00692EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.6 views

PT-2023-25800 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...

8.8CVSS8.2AI score0.00692EPSS
Exploits0References8
NVD
NVD
added 2023/03/16 10:15 p.m.22 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

7.8CVSS5.3AI score0.00379EPSS
Exploits1References1
Prion
Prion
added 2023/03/16 10:15 p.m.15 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

4.9CVSS5.3AI score0.00379EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/16 12:0 a.m.11 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

5.3AI score0.00379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.4 views

PT-2023-20920 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: A cross-site scripting XSS issue in the Edit Group function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. This enables...

7.8CVSS6.2AI score0.00379EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/03/16 12:0 a.m.35 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

5.4AI score0.00379EPSS
Exploits1References1
CVE
CVE
added 2023/03/16 12:0 a.m.66 views

CVE-2023-27059

ChurchCRM v4.5.3 is affected by a cross-site scripting (XSS) vulnerability in the Edit Group function, where an attacker can inject arbitrary scripts or HTML via the Edit Group Name field. The issue affects the Edit Group Name input and is supported by multiple sources in the Connected documents,...

7.8CVSS5.3AI score0.00379EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/03/16 12:0 a.m.17 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

7.8CVSS5.9AI score0.00379EPSS
Exploits1References3
OSV
OSV
added 2022/01/28 10:15 p.m.5 views

CVE-2021-46446

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=adminaccessgroupedit&aagID...

9.8CVSS7.3AI score0.01211EPSS
Exploits1References2
OSV
OSV
added 2021/04/13 3:15 p.m.4 views

UBUNTU-CVE-2020-13566

SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/editgroup.php, when the POST parameter action is “Delete”, the POST parameter deletegroup leads to a SQL...

8.8CVSS7.3AI score0.01576EPSS
Exploits1References3
OSV
OSV
added 2021/04/13 3:15 p.m.5 views

UBUNTU-CVE-2020-13568

SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/editgroup.php, when the POST parameter action is “Submit”, the POST parameter parentid leads to a SQL...

8.8CVSS7.3AI score0.29683EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.6 views

phpGACL SQL注入漏洞

phpGACL is an open source PHP class for Web developers to provide a simple but powerful "insert" permission system . For its current Web-based applications to use . Phpgacl version 3.3.7 SQL injection vulnerability , the vulnerability stems from the program admin/edit group.php page SQL injection...

8.8CVSS8.1AI score0.01576EPSS
Exploits1References2
OSV
OSV
added 2021/03/24 1:15 p.m.5 views

CVE-2021-29033

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/editgroup.php URI...

4.8CVSS5.8AI score0.00755EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/01/30 12:0 a.m.6 views

PT-2021-9640 · Phpgacl · Phpgacl

Name of the Vulnerable Software and Affected Versions: phpGACL version 3.3.7 Description: The issue allows for SQL injection through a specially crafted HTTP request. In the file admin/edit group.php, when the POST parameter action is set to “Delete”, the POST parameter delete group can lead to a...

8.8CVSS8.8AI score0.01576EPSS
Exploits1References9
NVD
NVD
added 2020/04/27 1:15 p.m.30 views

CVE-2019-18223

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

5.4CVSS5.4AI score0.00563EPSS
Exploits1References1
OSV
OSV
added 2020/04/27 1:15 p.m.8 views

CVE-2019-18223

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

5.4CVSS6.1AI score0.00563EPSS
Exploits1References1
Prion
Prion
added 2020/04/27 1:15 p.m.21 views

Cross site scripting

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

3.5CVSS5.3AI score0.00563EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/27 12:48 p.m.31 views

CVE-2019-18223

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

5.4AI score0.00563EPSS
Exploits1References1
Rows per page
Query Builder