CVE-2018-0547

Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-7997

Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript...

CVE-2018-0546

Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0547

The CVE-2018-0547 entry concerns the WordPress plugin WP All Import prior to version 3.4.7. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary script/HTML via unspecified vectors, potentially leading to arbitrary JavaScript execution in a logged-in ...

CVE-2018-0546

CVE-2018-0546 corresponds to a cross-site scripting vulnerability in the WordPress plugin WP All Import, affecting versions prior to 3.4.6. The flaw is in the file upload function and allows an attacker to inject arbitrary script or HTML via unspecified vectors. Public references consistently sta...

CVE-2018-0547

Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a reflected cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN33527174. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with...

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Note that this vulnerability is different from JVN60032768. Mardan Muhidin of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

WordPress WP All Import Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP All Import plugin versions prior to 3.4.6, which can be exploited...

WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2018-04771)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP All Import plugin versions prior to 3.4.7, which can be exploited...

JVN#33527174: WordPress plugin "WP All Import" vulnerable to cross-site scripting

The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

[SECURITY] Fedora 26 Update: phpMyAdmin-4.7.8-1.fc26

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

FineCms Cross-Site Scripting Vulnerability (CNVD-2018-06305)

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A cross-site scripting vulnerability exists in controllers/admin/Linkage.php in dayrui FineCms version 5.3.0. The vulnerability is caused due to an xssclean protection mechanism th...

CVE-2018-7476

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...

CVE-2018-7472

INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations...

Design/Logic Flaw

INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations...

CVE-2018-7472

INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations...

PT-2018-18092 · Finecms · Finecms

Name of the Vulnerable Software and Affected Versions: FineCms version 5.3.0 Description: The issue concerns a Cross Site Scripting XSS problem. It occurs via the id or lid parameter in a "c=linkage,m=import" request to "admin.php". The xss clean protection mechanism is bypassed by specially...

Disk Pulse Enterprise 10.4.18 Buffer Overflow

!/usr/bin/env python Exploit Title: Disk Pulse Enterprise v10.4.18 - 'Import Command' Buffer Overflow SEH Date: 2018-01-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.diskpulse.com Software Link:...