Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...
CVE-2023-25978
The CVE-2023-25978 entry refers to the WordPress Protected Posts Logout Button plugin with a Stored XSS vulnerability in versions
CVE-2023-25978 WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...
WordPress Plugin Nate Reist Protected Posts Logout Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Amazon Linux AMI : mod24_auth_mellon (ALAS-2023-1765)
The version of mod24_auth_mellon installed on the remote host is prior to 0.14.0-2.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1765 advisory. A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attack...
Amazon Linux 2 : mod_auth_mellon (ALAS-2023-2077)
The version of mod_auth_mellon installed on the remote host is prior to 0.14.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2077 advisory. A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker t...
Medium: mod24_auth_mellon
Issue Overview: A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. T...
CVE-2023-2187
On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor. An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event"...
CVE-2023-2415
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...
CVE-2023-2416
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated attackers to log out a vcita...
CVE-2023-2416 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery to Account Logout
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.5. This makes it possible for unauthenticated attackers to log out a vcita...
CVE-2023-2415 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.2.10 - Missing Authorization to Account Logout
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...
WordPress Plugin Online Booking & Scheduling Calendar Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-19438 · Vcita · Online Booking & Scheduling Calendar For Wordpress
Name of the Vulnerable Software and Affected Versions: The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress versions up to, and including, 4.2.10 Description: The issue is related to a missing capability check on the vcita logout callback function, allowing...
Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.0 - Subscriber+ Denial of Service by account logout
The plugin does not validate authorization in the vcita_logout AJAX action, allowing any logged-in user with roles as low as subscriber to log the site out from the vcita account, causing a denial of service for the appointment scheduling functionality...
User may be redirected to On-premises AAA Logout Page after Logging off Citrix Cloud
When you deploy an on-premises Citrix Gateway/NetScaler Gateway as the OAuth IDP for Citrix Cloud, users may be redirected to the on-premises IDP logout page /vpn/tmlogout.html instead of the Citrix Cloud login page after logging out of Citrix Cloud. For example, you have the following URLs: Citrix Cloud URL:...
CVE-2023-32318
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous...
Nextcloud Code Issue Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud server, which stems from a session handling regression between Nextcloud Server and the Nextcloud Text application tha...