21 matches found
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
EUVD-2023-53176
Malicious code in bioql PyPI...
CVE-2024-0858
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
CVE-2024-32592 WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VoidCoders, innovs Void Elementor WHMCS Elements For Elementor Page Builder allows Stored XSS. This issue affects Void Elementor WHMCS Elements For Elementor Page Builder: from n/a through 2.0...
WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Innovs HR; Type: Plugin; Vulnerable versions: <= 1.0.3.4; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0858; Patch priority: Low; CVSS severity: Low (5.4); PSID: 1fae1c140215; Credits: Sushil Phuyal; Required...
CVE-2024-0858
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
CVE-2024-0858
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
CVE-2024-0858 Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
CVE-2024-0858
CVE-2024-0858 affects the Innovs HR WordPress plugin up to version 1.0.3.4. The issue is due to missing CSRF checks in certain areas, potentially allowing a logged-in attacker to perform actions (e.g., adding employees) via CSRF, with high impact on confidentiality, integrity, and availability (C...
WordPress Plugin Innovs HR Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-15871 · WordPress · Innovs Hr Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Innovs HR WordPress plugin versions 1.0.3.4 and earlier Description: The issue concerns a lack of CSRF checks in some places within the Innovs HR WordPress plugin, which could allow attackers to make logged-in users perform unwanted actions v...
Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. PoC...
Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. input type="hidden" name="maritalstatus" value="Single"...
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
CVE-2023-49171 WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
CVE-2023-49171
CVE-2023-49171 is a cross-site scripting (Reflected XSS) vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business (WordPress plugin Innovs HR Manager) affecting versions up to 1.0.3.4. The root cause is improper input neutralization during web page genera...
CVE-2023-49171 WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
WordPress plugin and WordPress cross-site scripting vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...