Lucene search
K

590 matches found

CNNVD
CNNVD
added 2022/12/27 12:0 a.m.4 views

FlatPress 跨站脚本漏洞

FlatPress is a Php-based blog builder without database support from the FlatPress community. FlatPress has a cross-site scripting vulnerability, the vulnerability stems from a problem with the function main in the fp-plugins/mediamanager/panels/panel.mediamanager.file.php file of the component...

6.1CVSS4.8AI score0.00518EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/12/19 1:41 p.m.7 views

CVE-2022-4124 Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...

4.7AI score0.00274EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/12/19 12:0 a.m.20 views

FlatPress < 1.3 Multiple Vulnerabilities

FlatPress is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS6.2AI score0.35435EPSS
Exploits2References7
NVD
NVD
added 2022/11/30 1:15 p.m.15 views

CVE-2022-26366

Cross-Site Request Forgery CSRF in AdRotate Banner Manager Plugin = 5.9 on WordPress...

8.8CVSS0.00264EPSS
Exploits0References1
OSV
OSV
added 2022/11/10 10:15 p.m.6 views

CVE-2022-42460

Broken Access Control vulnerability leading to Stored Cross-Site Scripting XSS in Traffic Manager plugin = 1.4.5 on WordPress...

5.4CVSS5.8AI score0.00403EPSS
Exploits0References2
Prion
Prion
added 2022/11/10 10:15 p.m.12 views

Cross site scripting

Broken Access Control vulnerability leading to Stored Cross-Site Scripting XSS in Traffic Manager plugin = 1.4.5 on WordPress...

4.9CVSS5.2AI score0.00403EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/10 9:36 p.m.56 views

CVE-2022-42460

CVE-2022-42460 affects the WordPress Traffic Manager plugin up to version 1.4.5, with a Broken Access Control flaw that enables Stored Cross-Site Scripting (XSS). The root cause is insufficient access controls on the plugin, allowing stored payloads that can be executed in users with a range of p...

6.5CVSS5.3AI score0.00403EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/10 12:0 a.m.4 views

PT-2022-26444 · WordPress · Traffic Manager

Name of the Vulnerable Software and Affected Versions: Traffic Manager plugin versions prior to 1.4.6 Description: The issue is related to a Broken Access Control vulnerability that leads to Stored Cross-Site Scripting XSS in the Traffic Manager plugin on WordPress. Recommendations: For Traffic...

6.5CVSS5.1AI score0.00403EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/10/24 1:15 p.m.3 views

CVE-2022-42460

Broken Access Control vulnerability leading to Stored Cross-Site Scripting XSS in Traffic Manager plugin = 1.4.5 on WordPress...

6.5CVSS5.8AI score0.00403EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/10/17 12:0 a.m.66 views

CVE-2022-3126

CVE-2022-3126 concerns the WordPress plugin Frontend File Manager (prior to version 21.4). The issue is a missing CSRF check during file uploads, enabling an attacker to cause a logged-in user to upload files on the attacker’s behalf. Documented impact is limited to file upload behavior with no b...

4.3CVSS4.5AI score0.00267EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/03 12:0 a.m.4 views

PT-2022-20633

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin WordPress plugin versions prior to 21.3 Description The issue allows any unauthenticated user to rename uploaded files from users. Due to the lack of validation in the destination filename, this could allow them to...

5.3CVSS6AI score0.06199EPSS
Exploits2References7
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.32 views

CSRF vulnerability and mM

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...

6.5CVSS6.6AI score0.00612EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.24 views

CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...

8.8CVSS8.2AI score0.00436EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/09/22 12:0 a.m.16 views

GHSA-GHQ7-85HP-FH76 CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...

4.2CVSS8.7AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2022/09/21 4:15 p.m.26 views

CVE-2022-41245

A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.00436EPSS
Exploits0References1
Prion
Prion
added 2022/09/21 4:15 p.m.18 views

Design/Logic Flaw

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.3AI score0.00612EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/21 3:46 p.m.69 views

CVE-2022-41246

CVE-2022-41246 affects Jenkins Worksoft Execution Manager Plugin up to version 10.0.3.503. The root cause is a missing permission check, which allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, enabli...

6.5CVSS6.3AI score0.00612EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/21 3:46 p.m.30 views

CVE-2022-41246

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.9AI score0.00612EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2022/09/21 3:46 p.m.61 views

CVE-2022-41246

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6AI score0.00612EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/21 3:46 p.m.25 views

CVE-2022-41245

A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

9AI score0.00436EPSS
Exploits0References1
Rows per page
Query Builder