97 matches found
JVN#79254445: Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild. Impact...
Cross site scripting
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2016-4879
Cross-site request forgery CSRF vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2016-4886
CVE-2016-4886 is described in connected sources as a cross-site request forgery (CSRF) vulnerability affecting baserCMS with the Mail plugin (versions 3.0.10 and earlier). The underlying issue is CSRF when a logged-in administrator visits a malicious URL, which can force unintended administrative...
WordPress WP Mail plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. wpmail is the function used to send mail. A cross-site scripting vulnerability exists in the WordPress WP Mail plugin due to the program failing to adequately validate user input. An...
CVE-2017-5942
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...
CVE-2017-5942
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...
Cross site scripting
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...
CVE-2017-5942
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...
WordPress plugin wp-gallery-mail suffers from a reflected cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A reflective cross-site scripting vulnerability exists in the WordPress plugin wp-gallery-mail 'login.php' page, which can be exploited by attackers to construct...
BaserCMS Cross-Site Request Forgery Vulnerability (CNVD-2016-08863)
baserCMS is an enterprise-level content management system CMS. A cross-site request forgery vulnerability exists in baserCMS 3.0.10 and prior versions. The vulnerability can be exploited by an attacker to perform unauthorized operations on the server when the Mail plugin is enabled and a user...
BaserCMS Cross-Site Request Forgery Vulnerability
baserCMS is an enterprise-level content management system CMS. A cross-site request forgery vulnerability exists in baserCMS 3.0.10 and prior versions. When the Mail plugin is enabled and a user accesses a malicious URL, an attacker can exploit the vulnerability to perform unauthorized operations...
baserCMS plugin Mail vulnerable to cross-site request forgery
Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC...
baserCMS plugin Mail vulnerable to cross-site request forgery
Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...
baserCMS plugin Mail vulnerable to cross-site scripting
Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this...
WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)
Because of this vulnerability, the variable itemid appears to send unsanitized data back to the users browser. Vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution Update the plugin...