8 matches found
CVE-2024-5709
The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layoutname' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an...
PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1 Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...
CVE-2019-10105
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager...
WolfCMS Cross-Site Scripting Vulnerability (CNVD-2018-07056)
Wolf CMS is a lightweight content management system written in PHP. A stored cross-site scripting vulnerability exists in WolfCMS 0.8.3.1 in the Layout Name under the Layout tab. A low-privileged user can exploit this vulnerability to steal cookies from administrative users and compromise the...
CVE-2018-1000084
WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...
CVE-2018-1000084
WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...
Cross site scripting
WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...
CVE-2018-1000084
WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...