Lucene search
K

97 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 12:0 a.m.39 views

JVN#79254445: Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild. Impact...

6.1CVSS6.1AI score0.01121EPSS
Exploits0
Prion
Prion
added 2019/08/30 2:15 p.m.16 views

Cross site scripting

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...

4.3CVSS6.4AI score0.00985EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2017/05/12 6:29 p.m.19 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

6.8CVSS7.6AI score0.00878EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2017/05/12 6:29 p.m.18 views

CVE-2016-4879

Cross-site request forgery CSRF vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

8.8CVSS7.4AI score
Exploits0References3
CVE
CVE
added 2017/05/12 6:0 p.m.46 views

CVE-2016-4886

CVE-2016-4886 is described in connected sources as a cross-site request forgery (CSRF) vulnerability affecting baserCMS with the Mail plugin (versions 3.0.10 and earlier). The underlying issue is CSRF when a logged-in administrator visits a malicious URL, which can force unintended administrative...

8.8CVSS8.8AI score0.00924EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/02/14 12:0 a.m.3 views

WordPress WP Mail plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. wpmail is the function used to send mail. A cross-site scripting vulnerability exists in the WordPress WP Mail plugin due to the program failing to adequately validate user input. An...

6.1CVSS6.8AI score0.00957EPSS
Exploits1References1
NVD
NVD
added 2017/02/10 7:59 a.m.19 views

CVE-2017-5942

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...

6.1CVSS6.4AI score0.00957EPSS
Exploits1References2
OSV
OSV
added 2017/02/10 7:59 a.m.4 views

CVE-2017-5942

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...

6.1CVSS5.9AI score0.00957EPSS
Exploits1References2
Prion
Prion
added 2017/02/10 7:59 a.m.17 views

Cross site scripting

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...

4.3CVSS6.3AI score0.00957EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/02/10 6:51 a.m.19 views

CVE-2017-5942

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...

6.4AI score0.00957EPSS
Exploits1References2
CNVD
CNVD
added 2017/01/03 12:0 a.m.3 views

WordPress plugin wp-gallery-mail suffers from a reflected cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A reflective cross-site scripting vulnerability exists in the WordPress plugin wp-gallery-mail 'login.php' page, which can be exploited by attackers to construct...

6.8AI score
Exploits0
CNVD
CNVD
added 2016/09/30 12:0 a.m.5 views

BaserCMS Cross-Site Request Forgery Vulnerability (CNVD-2016-08863)

baserCMS is an enterprise-level content management system CMS. A cross-site request forgery vulnerability exists in baserCMS 3.0.10 and prior versions. The vulnerability can be exploited by an attacker to perform unauthorized operations on the server when the Mail plugin is enabled and a user...

8.8CVSS8.5AI score0.00924EPSS
Exploits0References1
CNVD
CNVD
added 2016/09/30 12:0 a.m.7 views

BaserCMS Cross-Site Request Forgery Vulnerability

baserCMS is an enterprise-level content management system CMS. A cross-site request forgery vulnerability exists in baserCMS 3.0.10 and prior versions. When the Mail plugin is enabled and a user accesses a malicious URL, an attacker can exploit the vulnerability to perform unauthorized operations...

8.8CVSS6.8AI score0.00878EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 7:4 a.m.4 views

baserCMS plugin Mail vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS6.5AI score0.00924EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 7:4 a.m.6 views

baserCMS plugin Mail vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.8CVSS6.5AI score0.00878EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 7:4 a.m.5 views

baserCMS plugin Mail vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this...

5.4CVSS5.8AI score0.00897EPSS
Exploits0References5
Patchstack
Patchstack
added 2016/04/13 12:0 a.m.24 views

WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the variable itemid appears to send unsanitized data back to the users browser. Vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution Update the plugin...

6.1CVSS3.4AI score0.03462EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder