74 matches found
PicUploader 安全漏洞
PicUploader is a graphic bed tool written in php by Bruce's personal developer. It helps you to quickly upload your images to a cloud image bed and automatically returns a Markdown formatted link to the clipboard. PicUploader has a security vulnerability that stems from the...
PT-2024-31252 · Unknown · Picuploader
Name of the Vulnerable Software and Affected Versions: PicUploader version fcf82ea Description: A cross-site scripting XSS issue exists in the /master/auth/OnedriveRedirect.php component, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error...
PT-2024-18296 · WordPress · Nextend Social Login/Register
Name of the Vulnerable Software and Affected Versions: Nextend Social Login and Register plugin for WordPress versions up to, and including, 3.1.12 Description: The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the error...
WordPress Plugin Nextend Social Login and Register Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-38878
A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...
DevCode OpenSTAManager Cross-Site Scripting Vulnerability
OpenSTAManager is an open source management software for technical assistance and billing from Devcode Open Source. A security vulnerability exists in DevCode OpenSTAManager versions 2.4.24 through 2.4.47, which stems from a reflected cross-site scripting XSS vulnerability in the error and...
PT-2022-4900 · Ovirt · Ovirt Engine
Name of the Vulnerable Software and Affected Versions: ovirt-engine affected versions not specified Description: The issue is related to the ovirt-engine management tool for virtual infrastructure, which fails to protect its web page structure when handling the error description parameter. This...
While using FAS application launch fails with error "Cannot start app <Application Name>"
Application launch fails with error "Cannot start app ", Event ID 1 and 28 are logged on Storefront servers. Event ID: 1 Description: The Federated Authentication Server at: returned a server error: 1 for method AssertIdentity...
CVE-2021-38349
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The WorkPress Plugin suffers from a cross-sit...
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. See CWE-172: Encoding Erro...
Secure web on iOS devices getting error: Cannot Open Page too many HTTP redirects
When user opens web link with secure web on iOS devices, below error comes up. Error:Cannot Open Page too many HTTP redirects. Secure web log from iOS device: ==================== NSLocalizedDescription = "too many HTTP redirects"; NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork...
Design/Logic Flaw
cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...
WordPress: Stored XSS on Broken Themes via filename
Hi, I've found something here, Description XSS Stored because filename of theme when broken, So when theme is broken, Wordpress will inform the name of theme who has been broken which is the folder name of theme and inform the error with description message. F342862 Looks like the filename is...