19 matches found
CVE-2025-6735
A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the installation process of the Import Page component in /admin-cp/imports. An attacker can gain unauthorized access to restricted actions or data by exploiting incorrect privilege assignments during...
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component
A vulnerability classified as critical has been found in JuzaWeb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2025-6735 juzaweb CMS Import Page imports improper authorization
A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2025-1320
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request...
WordPress plugin teachPress Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-12296
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'importpageoptions' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, wit...
WordPress plugin Apus Framework Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Apus Framework plugin <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options vulnerability
Authenticated (Subscriber+) Arbitrary Options Update in importpageoptions vulnerability discovered by Tonn in WordPress Plugin Apus Framework versions <= 2.3...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
JetBrains YouTrack Security Vulnerability
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
Malicious code in @bingads-webui-campaign/facebook-import-page (npm)
Source: ghsa-malware (21a5691da486b64faecd5c39157f18324639cdaf8a357094a80ef7088eb6c34c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-5286 Reflected XSS related in import page in PrestaShop
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5...
Infovista VistaPortal SE Cross-Site Scripting Vulnerability (CNVD-2019-07221)
Infovista VistaPortal SE is a Web-based application from Infovista USA. A cross-site scripting vulnerability exists in the /VPortal/mgtconsole/Import.jsp page in Infovista VistaPortal SE version 5.1 build 51029, which can be exploited by remote attackers to inject arbitrary web script or HTML wit...
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability',...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar URL or (2) the bank name field in the "import external calendar" page...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php...
CVE-2015-5485
Summary: CVE-2015-5485 is a reflected XSS in The Events Calendar: Eventbrite Tickets Plugin for WordPress by Modern Tribe. Affected software: WordPress plugin The Events Calendar: Eventbrite Tickets (versions before 3.10.2). Vulnerable component: Event Import page (import-eventbrite-events.php). ...
WordPress Modern Tribe Eventbrite Tickets Plugin <= 3.10.1 - XSS
This vulnerability is in the Event Import page. It allows an attacker to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. Solution: Update the plugin...