
3470 matches found

OSV
added 2021/11/15 8:15 p.m. · 16 views

CVE-2021-41263

rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.8 CVSS · 8.7 AI score
Exploits 0 · References 2

OSV
added 2021/11/15 5:54 p.m. · 23 views

GHSA-844M-CPR9-JCMH Rails Multisite secure/signed cookies share secrets between sites in a multi-site application

Impact: This vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application...

6.2 CVSS · 8.6 AI score · 0.00608 EPSS
Exploits 0 · References 5

Github Security Blog
added 2021/11/15 5:54 p.m. · 47 views

Rails Multisite secure/signed cookies share secrets between sites in a multi-site application

Impact: This vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application...

8.8 CVSS · 2.3 AI score · 0.00608 EPSS
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2021/11/15 12:0 a.m. · 26 views

Rails Cryptographic Issue Vulnerability

Rails is a set of open source web application frameworks based on the Ruby language from the Rails team. A cryptographic issue vulnerability exists in Rails multisite, where an attacker may be able to reuse cookies on different sites in multiple Rails applications...

8.8 CVSS · 7.8 AI score · 0.00608 EPSS
Exploits 0 · References 3

Positive Technologies
added 2021/11/15 12:0 a.m. · 16 views

PT-2021-23224 · Rubygems · Rails Multisite

Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4 Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...

8.8 CVSS · 8.6 AI score · 0.00608 EPSS
Exploits 0 · References 9

CNNVD
added 2021/11/01 12:0 a.m. · 5 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Google Maps Easy due to...

4.8 CVSS · 5.2 AI score · 0.00944 EPSS
Exploits 1 · References 5

OSV
added 2021/10/21 8:15 p.m. · 2 views

CVE-2021-39356

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

4.8 CVSS · 5.9 AI score · 0.00957 EPSS
Exploits 1 · References 3

OSV
added 2021/10/21 8:15 p.m. · 4 views

CVE-2021-39357

The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the /class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affec...

4.8 CVSS · 5.8 AI score · 0.00886 EPSS
Exploits 1 · References 3

OSV
added 2021/10/21 8:15 p.m. · 1 views

CVE-2021-39348

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...

4.8 CVSS · 5.8 AI score · 0.0506 EPSS
Exploits 1 · References 3

OSV
added 2021/10/21 8:15 p.m. · 3 views

CVE-2021-39328

The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $jobboardprivacypolicylabel variable echo'd out via the /admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access t...

4.8 CVSS · 5.8 AI score · 0.00886 EPSS
Exploits 1 · References 3

Positive Technologies
added 2021/10/21 12:0 a.m. · 2 views

PT-2021-22554 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions up to and including 4.1.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping on the custom profile parameter in the /inc/admin/views/backend-user-profile.php...

5.5 CVSS · 4.9 AI score · 0.0506 EPSS
Exploits 1 · References 7

OSV
added 2021/10/19 3:15 p.m. · 3 views

CVE-2021-39329

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...

4.8 CVSS · 5.8 AI score · 0.01003 EPSS
Exploits 1 · References 3

OSV
added 2021/10/19 3:15 p.m. · 2 views

CVE-2021-39355

The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject...

4.8 CVSS · 5.8 AI score · 0.00957 EPSS
Exploits 1 · References 3

OSV
added 2021/10/19 3:15 p.m. · 4 views

CVE-2021-39343

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...

4.8 CVSS · 5.8 AI score · 0.01003 EPSS
Exploits 1 · References 3

OSV
added 2021/10/15 1:15 p.m. · 2 views

CVE-2021-39345

The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...

4.8 CVSS · 5.8 AI score · 0.00922 EPSS
Exploits 1 · References 3

OSV
added 2021/10/15 1:15 p.m. · 3 views

CVE-2021-39337

The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/jobsfunction.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions ...

4.8 CVSS · 5.8 AI score · 0.0088 EPSS
Exploits 1 · References 3

OSV
added 2021/10/15 1:15 p.m. · 3 views

CVE-2021-39336

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to a...

4.8 CVSS · 5.8 AI score · 0.0088 EPSS
Exploits 1 · References 3

OSV
added 2021/10/15 1:15 p.m. · 2 views

CVE-2021-39338

The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, i...

4.8 CVSS · 5.8 AI score · 0.00916 EPSS
Exploits 1 · References 3

OSV
added 2021/10/15 1:15 p.m. · 3 views

CVE-2021-39335

The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to...

4.8 CVSS · 5.8 AI score · 0.0088 EPSS
Exploits 1 · References 3

OSV
added 2021/10/15 1:15 p.m. · 1 views

CVE-2021-39332

The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This...

4.8 CVSS · 5.8 AI score · 0.00508 EPSS
Exploits 0 · References 1