CVE-2021-47768

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

CVE-2021-47768

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

CVE-2021-47768 ImportExportTools NG 10.0.4 - HTML Injection

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

CVE-2021-47768

The CVE-2021-47768 entry concerns ImportExportTools NG 10.0.4, where a persistent HTML injection flaw exists in the email export module. The vulnerability allows remote attackers to inject malicious HTML payloads by crafting HTML in the subject line, which can execute during HTML export and poten...

CVE-2021-47768

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

CVE-2021-47768 ImportExportTools NG 10.0.4 - HTML Injection

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

EUVD-2026-2765

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

PT-2026-3044

Name of the Vulnerable Software and Affected Versions ImportExportTools NG version 10.0.4 Description ImportExportTools NG has a persistent HTML injection issue in the email export module. Remote attackers can inject malicious HTML payloads. Attackers can send emails with crafted HTML in the...

Import Export Tools NG security vulnerabilities

Import Export Tools NG is an open-source import and export tool developed by thundernest. Version 10.0.4 of Import Export Tools NG contains a security vulnerability. This vulnerability stems from a persistent HTML injection issue in the email export module, which could allow remote attackers to...

TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds < 1.4.11 - Missing Authorization to Authenticated (Subscriber+) User Email Export

Description The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including,...

Outlining a new SiestaGraph backdoor

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Foreign Affairs Office of an Association of Southeast Asian Nations ASEAN member is targeted by multiple threat actors who are coordinating active campaigns via a vulnerable Microsoft Exchange server...

CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI...

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. PoC Send POST request to wp-admin/admin-ajax.php with body content: "[email protected]" The...

CVE-2017-14956

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...

AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery

AlienVault Unified Security Management USM 5.4.2 - Cross-Site Request Forgery 1. ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: https://www.alienvault.com Type: Cross-Site Request Forgery CWE-253 Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 6.5...