CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

CVE-2021-43850 Denial of Service in discourse

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

PT-2022-11919 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.0.beta10 Discourse versions prior to 2.7.12 Description: The issue affects Discourse, an open source platform for community discussion, where admin users can trigger a Denial of Service attack via the...

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $siteid parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVE-2021-42361

The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the /trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts,...

Insecure Cookies

railsmultisite is susceptible to insecure cookie usage. An authenticated remote attacker is able to re-use cookies from railsmultisite across different sites which share the same secretkeybase...

CVE-2021-41263

railsmultisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

GHSA-844M-CPR9-JCMH Rails Multisite secure/signed cookies share secrets between sites in a multi-site application

Impact This vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application...

Rails Multisite secure/signed cookies share secrets between sites in a multi-site application

Impact This vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application...

Rails 加密问题漏洞

Rails is a set of open source web application frameworks based on the Ruby language from the Rails team. A cryptographic issue vulnerability exists in Rails multisite, where an attacker may be able to reuse cookies on different sites in multiple Rails applications...

PT-2021-23224 · Rubygems · Rails Multisite

Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4 Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Google Maps Easy due to...

CVE-2021-39357

The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the /class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affec...

CVE-2021-39356

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

CVE-2021-39328

The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $jobboardprivacypolicylabel variable echo'd out via the /admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access t...

CVE-2021-39348

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...

PT-2021-22554 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions up to and including 4.1.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping on the custom profile parameter in the /inc/admin/views/backend-user-profile.php...

CVE-2021-39343

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...

CVE-2021-39355

The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject...

CVE-2021-39329

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...