26 matches found
EUVD-2018-6744
Malware in sbrugna...
RiteCMS Cross-Site Scripting Vulnerability (CNVD-2026-05345)
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary code in the Main Menu Items of the Administration Menu via a specially crafted payload...
CSRF Delete Navigation Menu Items
Description: CSRF Delete Navigation Menu Items. Proof of Concept: 1. Attacker sends fake requests to users: history.pushState('', '', '/'); document.forms[0].submit(); 2. User clicks, deletes unwanted Navigation Menu Items. Payload PoC...
CVE-2023-43878
Rite CMS 3.0 has multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...
Cross site scripting
Rite CMS 3.0 has multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...
PT-2023-29023 · Ritecms · Ritecms
Name of the Vulnerable Software and Affected Versions: Rite CMS version 3.0. Description: The issue allows attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. This is a result of multiple Cross-Site Scripting (XSS) vulnerabilities...
CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
Cross site request forgery (csrf)
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
CVE-2023-0554 Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Restaurant Menu by MotoPress Plugin in version 2.4.0 and earlier has a cross-site scripting...
Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
The plugin does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Click on "Add New" under Restaurant Menu Plugin. Give any random title like...
CVE-2016-5254
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt...
Odoo Access Control Error Vulnerability (CNVD-2019-21437)
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, uses PostgreSQL as its database, and includes modules for sales management, inventory management, financial management and so on. An access control...
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...
Design/Logic Flaw
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...
[SECURITY] Fedora 26 Update: xdg-utils-1.1.3-1.fc26
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of de facto standards. This means that: Third party software developers can rely on these xdg-utils for all of their simple...
DRUPAL-CONTRIB-2018-018
This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...
CVE-2017-6509
Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php id parameter...
Security update for java-1_7_0-openjdk (important)
This update for java-1_7_0-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 (bsc#1020905): Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution -...