2167 matches found
CVE-2023-29322
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-29302
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-29322
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
Cross site scripting
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-29322 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-29302 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-29302 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-2277
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
CVE-2023-2277
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
EyouCms 跨站脚本漏洞
EyouCms is an open source content management system CMS based on ThinkPHP by Hainan Zanzan Network Technology Co. A cross-site scripting vulnerability exists in EyouCMS version 1.6.2, which can be exploited by attackers to inject malicious JavaScript scripts...
Design/Logic Flaw
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated...
CVE-2022-4948
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...
CVE-2022-4948
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...
Authorization
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...
CVE-2022-4948 FlyingPress <= 3.9.6 - Missing Authorization
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...
CVE-2022-4948
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...
PT-2023-15934 · WordPress · The Flyingpress
Name of the Vulnerable Software and Affected Versions: The FlyingPress plugin for WordPress versions up to, and including, 3.9.6 Description: The issue allows authenticated attackers with subscriber-level permissions and above to bypass authorization and interact with the plugin in unintended way...
Cross-Site Scripting (XSS)
com.liferay:com.liferay.account.admin.web is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing a remote authenticated attacker to inject and execute malicious JavaScript on victim's browser via a...
Cross-site Scripting (XSS)
github.com/pydio/cells is vulnerable to Cross-site Scripting XSS. The vulnerability exists because Message.js does not properly skip the HTML in chat messages, which allows an attacker to inject and execute malicious JavaScript...