41 matches found
CVE-2023-6633
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
Description: The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged-in users perform unwanted actions, such as deleting administration notes, via CSRF attacks. PoC: Have an administrator open the following HTML file:...
WordPress Content Scheduler: Editorial Calendar and Notes Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Content Scheduler: Editorial Calendar and Notes. Type: Plugin. Vulnerable versions: <= 1.3.0. Fixed in: N/A. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: bce889e4798c. Credits...
Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Notes placeholder" settings of the plugin: alert/XSS/...
MyBB Moderator Log Notes Plugin Cross-Site Request Forgery Vulnerability
MyBB (aka MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The Moderator Log Notes plugin is one of the plug-ins used to manage log records. A cross-site request forgery vulnerability exists in version 1.1 of the MyBB Moderator Log Notes...
CVE-2018-11502
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF...
CVE-2018-11430
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea...
CVE-2018-11430
The CVE-2018-11430 entry involves the MyBB Moderator Log Notes plugin (version 1.1) for MyBB. A cross-site scripting (XSS) vulnerability exists in the mod notes textarea used by moderators in the Moderator Control Panel, allowing arbitrary script injection when notes are saved/displayed. Connecte...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows moderators to save notes and display them...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description:...
CVE-2018-11092
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table aka Clear Table action...
CVE-2018-11092
The CVE describes a CSRF flaw in the MyBB Admin Notes plugin (version 1.1) where an attacker can remotely delete all admin notes via admin/index.php?empty=table (Clear Table). Affected component: Admin Notes plugin for MyBB. Impact: deletion of all admin notes. Root cause: CSRF vulnerability. Exp...
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Admin Notes Plugin - CSRF Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1. Description: The plugi...
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Exploit Title: MyBB Admin Notes Plugin - CSRF Date: 2018-05-14 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1...
Fedora Update for xfce4-notes-plugin FEDORA-2007-4368
Check for the Version of xfce4-notes-plugin OpenVAS Vulnerability Test Fedora Update for xfce4-notes-plugin FEDORA-2007-4368 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for xfce4-notes-plugin FEDORA-2007-4385
Check for the Version of xfce4-notes-plugin OpenVAS Vulnerability Test Fedora Update for xfce4-notes-plugin FEDORA-2007-4385 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for xfce4-notes-plugin FEDORA-2007-4368
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for xfce4-notes-plugin FEDORA-2007-4385
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...