17 matches found
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
EUVD-2023-53176
Malicious code in bioql PyPI...
CVE-2024-0858
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Innovs HR Type Plugin Vulnerable versions = 1.0.3.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0858 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1fae1c140215 Credits Sushil Phuyal Required...
CVE-2024-0858
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
CVE-2024-0858
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
CVE-2024-0858 Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees...
PT-2024-15871 · WordPress · Innovs Hr Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Innovs HR WordPress plugin versions 1.0.3.4 and earlier Description: The issue concerns a lack of CSRF checks in some places within the Innovs HR WordPress plugin, which could allow attackers to make logged-in users perform unwanted actions v...
Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. input type="hidden" name="maritalstatus" value="Single"...
Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. PoC...
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
CVE-2023-49171
CVE-2023-49171 is a cross-site scripting (Reflected XSS) vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business (WordPress plugin Innovs HR Manager) affecting versions up to 1.0.3.4. The root cause is improper input neutralization during web page genera...
CVE-2023-49171 WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
CVE-2023-49171 WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
WordPress plugin and WordPress cross-site scripting vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)
Software Innovs HR Type Plugin Vulnerable versions = 1.0.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49171 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e18ef701b7d2 Credits SeungYongLee Required privilege...