Lucene search
K

11 matches found

Openbugbounty
Openbugbounty
added 2024/05/20 10:51 a.m.11 views

gamesonline.goedbegin.nl Cross Site Scripting vulnerability OBB-3929041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/05/20 10:26 a.m.12 views

boeken1.zeebad.nl Cross Site Scripting vulnerability OBB-3929025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/05/20 5:50 a.m.9 views

canman.us Cross Site Scripting vulnerability OBB-3928844

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/05/20 3:42 a.m.11 views

sentineldongle.com Cross Site Scripting vulnerability OBB-3928773

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Patchstack
Patchstack
added 2024/05/20 12:0 a.m.13 views

WordPress Crafthemes Demo Import Plugin <= 3.3 is vulnerable to Broken Access Control

Software Crafthemes Demo Import Type Plugin Vulnerable versions = 3.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34800 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID e10925dbe035 Credits Yudistira Arya Required...

7.6CVSS6.5AI score0.00333EPSS
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.157 views

Business Card <= 1.0.0 - Category Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks Make a logged in admin open an HTML document containing:...

6.7AI score0.00209EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.176 views

KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks 1. Send a POST request to /wp-admin/admin.php?page=kkpb-add-project with the BODY action=edit-project&id=sleep5 2. Observe the delay in respons...

7.4AI score0.00547EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.149 views

Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks Make a logged in admin open an HTML document containing where is a valid ID: "...

6.7AI score0.00276EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/06 12:0 a.m.13 views

KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks PoC 1. Send a POST request to /wp-admin/admin.php?page=kkpb-add-project with the BODY action=edit-project=sleep5 2. Observe the delay in...

7.2AI score0.00547EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.147 views

KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert/XSS/' csrf" XSS will trigger on...

5.9AI score0.002EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.180 views

KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open an HTML file containing where is a valid ID: "...

6.7AI score0.00324EPSS
Exploits3
Rows per page
Query Builder