41 matches found
PT-2024-37236 · WordPress · User Feedback – Create Interactive Feedback Form
Name of the Vulnerable Software and Affected Versions: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress versions up to, and including, 1.0.15 Description: The issue arises from insufficient input sanitization and output escaping, allowing...
CVE-2024-0903
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping...
Cross site scripting
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping...
CVE-2023-46153
Unauth. Stored Cross-Site Scripting XSS vulnerability in UserFeedback Team User Feedback plugin = 1.0.9 versions...
CVE-2023-46153
CVE-2023-46153 is an unauthenticated stored XSS in the WordPress plugin “UserFeedback Team User Feedback” (versions
PT-2023-29881 · Unknown · Userfeedback Team User Feedback
Name of the Vulnerable Software and Affected Versions: UserFeedback Team User Feedback plugin versions 1.0.9 and earlier Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into the website, which...
WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software User Feedback Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46153 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a28b0bbea276 Credits Dimas Maulana Required privilege...
CVE-2023-39308 WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Unauth. Stored Cross-Site Scripting XSS vulnerability in UserFeedback Team User Feedback plugin = 1.0.7 versions...
PT-2023-26879 · Userfeedback Team · User Feedback Plugin
Name of the Vulnerable Software and Affected Versions: UserFeedback Team User Feedback plugin versions 1.0.7 and earlier Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...
WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...
The vulnerability of the Jenkins extreme-feedback plugin lies in the lack of permission checking in the connected module, which allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Jenkins extreme-feedback plugin is related to the lack of permission checking in the module being connected. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
Information disclosure
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...
CVE-2022-41242
CVE-2022-41242 affects Jenkins extreme-feedback Plugin 1.7 and earlier. Root cause: missing authorization check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate lamp-related data (job names, MAC/IP addresses) and rename lamps. Impact is information disclosure and ...
CVE-2022-41242
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...
PT-2022-6107 · Jenkins · Jenkins Extreme-Feedback Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins extreme-feedback Plugin versions 1.7 and earlier Description: The issue is related to a missing permission check in the Jenkins extreme-feedback Plugin, allowing attackers with Overall/Read permission to access sensitive information...
MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Vulnerability
Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin adds a feedback...
MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Date: 1/30/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin...
CVE-2021-28115
The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation...
CVE-2021-28115
The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation...
Sql injection
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php...