53 matches found
URL Shortify < 1.7.9.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Multiple parameters in the plugin's...
CVE-2023-3714
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
PT-2023-25800 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...
CVE-2023-27059
A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
Cross site scripting
A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
CVE-2023-27059
A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
PT-2023-20920 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: A cross-site scripting XSS issue in the Edit Group function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. This enables...
CVE-2023-27059
A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
CVE-2023-27059
ChurchCRM v4.5.3 is affected by a cross-site scripting (XSS) vulnerability in the Edit Group function, where an attacker can inject arbitrary scripts or HTML via the Edit Group Name field. The issue affects the Edit Group Name input and is supported by multiple sources in the Connected documents,...
CVE-2023-27059
A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
CVE-2021-46446
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=adminaccessgroupedit&aagID...
UBUNTU-CVE-2020-13566
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/editgroup.php, when the POST parameter action is “Delete”, the POST parameter deletegroup leads to a SQL...
UBUNTU-CVE-2020-13568
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/editgroup.php, when the POST parameter action is “Submit”, the POST parameter parentid leads to a SQL...
phpGACL SQL注入漏洞
phpGACL is an open source PHP class for Web developers to provide a simple but powerful "insert" permission system . For its current Web-based applications to use . Phpgacl version 3.3.7 SQL injection vulnerability , the vulnerability stems from the program admin/edit group.php page SQL injection...
CVE-2021-29033
A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/editgroup.php URI...
PT-2021-9640 · Phpgacl · Phpgacl
Name of the Vulnerable Software and Affected Versions: phpGACL version 3.3.7 Description: The issue allows for SQL injection through a specially crafted HTTP request. In the file admin/edit group.php, when the POST parameter action is set to “Delete”, the POST parameter delete group can lead to a...
CVE-2019-18223
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...
CVE-2019-18223
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...
Cross site scripting
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...
CVE-2019-18223
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...