Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-1698

Malware in sbrugna...

2.6CVSS6.4AI score0.00901EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/04 12:38 p.m.35 views

CVE-2023-52147 WordPress All-In-One Security (AIOS) plugin <= 5.2.4 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects All In One WP Security & Firewall: from n/a through 5.2.4...

3.7CVSS4.2AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 11:24 a.m.12 views

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 11:24 a.m.25 views

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10...

3.7CVSS4.2AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 11:7 a.m.22 views

CVE-2023-49748 WordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 10:40 a.m.15 views

CVE-2023-48335 WordPress Hide login page plugin <= 1.1.9 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 10:40 a.m.26 views

CVE-2023-48335 WordPress Hide login page plugin <= 1.1.9 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9...

3.7CVSS4.2AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 10:8 a.m.14 views

CVE-2023-47818 WordPress LWS Hide Login plugin <= 2.1.8 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 10:8 a.m.29 views

CVE-2023-47818 WordPress LWS Hide Login plugin <= 2.1.8 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8...

3.7CVSS4.2AI score0.00303EPSS
Exploits0References1
Huntr
Huntr
added 2023/09/01 2:46 a.m.16 views

Store XSS in FAQ Multisites

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Go to Configuration == FAQ Multisites 3 . Edit Instance URL with payload: javascript:alertdocument.domain 4 .Edit Instance path with payload:...

4.9CVSS6.7AI score0.00336EPSS
Exploits0
Patchstack
Patchstack
added 2022/01/06 12:0 a.m.55 views

WordPress <= 5.8.2 - Authenticated Object Injection in Multisites

Authenticated Object Injection in Multisites discovered by Simon Scannell SonarSource in WordPress versions = 5.8.2. Solution Update WordPress to the latest available version at least 5.8.3...

7.2CVSS3.3AI score0.03695EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2005/05/24 4:0 a.m.25 views

CVE-2005-1698

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to 1 theme.php or 2 Xanthia.php in the Xanthia module, 3 user.php, 4 thelang.php, 5 text.php, 6 html.php, 7 menu.php, 8 finclude.php, or 9 button.php in the pnblocks directory in the Blocks...

6AI score0.01125EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/05/24 4:0 a.m.31 views

CVE-2005-1696

Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 skin or 2 paletteid parameter to demo.php in the Xanthia module, or 3 the serverName parameter to config.php in the Multisites aka NS-Multisites...

5.7AI score0.00901EPSS
Exploits0References2
NVD
NVD
added 2005/05/24 4:0 a.m.26 views

CVE-2005-1696

Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 skin or 2 paletteid parameter to demo.php in the Xanthia module, or 3 the serverName parameter to config.php in the Multisites aka NS-Multisites...

2.6CVSS5.7AI score0.00901EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2005/05/24 12:0 a.m.4 views

PT-2005-2673 · Postnuke · Postnuke

Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3 Description: The issue allows remote attackers to obtain sensitive information via direct requests to various files, including theme.php and Xanthia.php in the Xanthia module, multiple files in the...

5CVSS6.2AI score0.01125EPSS
Exploits0References2
Rows per page
Query Builder