22 matches found
CVE-2024-37479
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1...
WordPress plugin Githuber MD cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-38904
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function...
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
Exploit Title: Authenticated Persistent XSS in Cameleon CMS 2.7.4 Google Dork: intext:"Camaleon CMS is a free and open-source tool and a fexible content management system CMS based on Ruby on Rails" Date: 2023-10-05 Exploit Author: Yasin Gergin Vendor Homepage: http://camaleon.tuzitio.com Softwar...
Stored XSS while creating a new post
Description: After logging in to the portal, create a new post and type the following text with an XSS payload. Proof of Concept: 1. Log in to the portal. 2. Create a post with the XSS payload. 3. Save it. Payload 09;& Poc: !alt textlogo logo: https://i.imgur.com/SHDZRWt.png !alt textlogo1 logo1:...
memos cross-site scripting vulnerability
memos is an open source hosted meme center with knowledge management and social features. A cross-site scripting vulnerability exists in memos that stems from stored XSS when creating a new post in usememos memos...
OrangeHRM cross-site scripting vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM USA. The system supports personnel information management, leave management, time and attendance management and recruitment management, etc. A cross-site scripting vulnerability exists in OrangeHRM v4.10.1, which stems from a lack...
CVE-2015-4039
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...
phpEnter 4.2.7 Cross Site Request Forgery
function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "http://sitename/path/addnews.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"; xhr.setRequestHeader"Accept-Language", "en-US,en;q=0.5"; xhr.setRequestHeader"Content-Type"...
BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery
Exploit for php platform in category web applications document.forms0.submit; !--...
BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)
document.forms0.submit;...
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)
function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "http://sitename/path/addnews.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"; xhr.setRequestHeader"Accept-Language", "en-US,en;q=0.5"; xhr.setRequestHeader"Content-Type"...
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)
phpEnter 4.2.7 - Cross-Site Request Forgery Add New Post function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "http://sitename/path/addnews.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
Maian Weblog 4.0 - Cross-Site Request Forgery Add New Post Exploit Title : Maian Weblog 4.0 - Cross-Site Request Forgery Add New Post Author : Besim Google Dork : - Date : 10/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.maianweblog.com Software link :...
Maian Weblog 4.0 - Cross-Site Request Forgery ( Add New Post)
Exploit for php platform in category web applications Exploit Title : Maian Weblog 4.0 - Cross-Site Request Forgery Add New Post Author : Besim Google Dork : - Date : 10/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.maianweblog.com Software link :...
Spacemarc News - Cross-Site Request Forgery (Add New Post)
Exploit Title : Spacemarc News - Cross-Site Request Forgery Add New Post Author : Besim Google Dork : - Date : 10/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.spacemarc.it Software link : http://www.hotscripts.com/listings/jump/download/107255 CSRF PoC function submitRequest...
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
miniblog 1.0.1 - Cross-Site Request Forgery Add New Post Exploit Title : miniblog 1.0.1 - Cross-Site Request Forgery Add New Post Author : Besim Google Dork : Date : 09/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.spyka.net/scripts/php/miniblog Software link :...
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
Exploit for php platform in category web applications Exploit Title : miniblog 1.0.1 - Cross-Site Request Forgery Add New Post Author : Besim Google Dork : Date : 09/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.spyka.net/scripts/php/miniblog Software link :...
WordPress Social Hashtags Plugin <= 2.0.0 - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in the new post title field. Solution: Update the plugin...