EUVD-2015-7310

Malware in sbrugna...

EUVD-2016-10680

Malware in sbrugna...

WordPress plugin Logo Showcase with Slick Slider 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...

Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF

The plugin does not have CSRF check in the lswsssaveattachmentdata AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media. jQuery.postajaxurl, action: "lswsssaveattachmentdata", attachmentid: 564, formdata:...

MediaWiki 跨站脚本漏洞

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from a failure of the...

Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update

The plugin does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. jQuery.postajaxurl, action: "lswsssaveattachmentdata", attachmentid...

CVE-2021-36850

Cross-Site Request Forgery CSRF vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

CVE-2021-36850

Cross-Site Request Forgery CSRF vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

CVE-2021-36850 WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF

The plugin does not have CSRF in place, which could allow attacker to make a logged in admin change arbitrary uploaded media title, filename, as well as locking state via a CSRF attack Notes: - We were unable to reproduce the issue from an attacker point of view, the endpoints are expecting JSON...

Gallery Blocks with Lightbox < 2.2.1- Authenticated Stored Cross-Site Scripting

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox Version – 2.2.0 & below . The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...

Dotclear cross-site scripting vulnerability (CNVD-2017-00084)

Dotclear is a software developer OlivierMeunier developed a free PHP and MySQL-based blog Blog publishing software. A cross-site scripting vulnerability exists in the admin/media.php and admin/mediaitem.ph files in versions of Dotclear prior to 2.11. A remote attacker can inject arbitrary web...

UBUNTU-CVE-2016-9891

Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...

CVE-2016-9891

Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...

CVE-2016-9891

Dotclear before version 2.11 contains a cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php that allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameters. Impact is described as XSS with typical user in...

CVE-2015-7386

Multiple cross-site scripting XSS vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the 1 Media Title or 2 Media Subtitle fields...