WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting

A cross-site scripting vulnerability in js/taloaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." id: CVE-2013-3526 info: name: WordPress Plugin Traffic Analyzer - 'aoid'...

PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting

A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier...

SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution

SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify...

Bitrix Site Management 2.x - Open Redirect

Bitrix Site Management 2.x contains an open redirect vulnerability allowing attackers to redirect users to arbitrary external sites via crafted redirect parameters. id: CVE-2008-2052 info: name: Bitrix Site Management 2.x - Open Redirect author: pikpikcu,gtrrnr,liangtovi-debug severity: medium...

Joomla! Component Jstore - 'Controller' Local File Inclusion

A directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller...

Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion

A directory traversal vulnerability in jphone.php in the JPhone comjphone component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-3426 info: name: Joomla! Component Jphone 1.0...

Joomla! Component jesectionfinder - Local File Inclusion

A directory traversal vulnerability in the JExtensions JE Section/Property Finder jesectionfinder component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. id: CVE-2010-2680 info: name: Joomla!...

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. id: CVE-2023-23161 info: name: Art...

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting

Reflected cross-site scripting XSS exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. id: CVE-2022-48197 info: name: Yahoo User Interface library YUI2 TreeView v2.8.2 - Cross-Site Scripting...

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors. id: CVE-2020-8615 info: name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Reque...

IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting

IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter. id: CVE-2020-8512 info: name: IceWarp WebMail Server =11.4.4.2 or apply the vendor-provided patch to mitigate the vulnerability. reference: -...

WordPress Checklist <1.1.9 - Cross-Site Scripting

WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file. id: CVE-2019-16525 info: name: WordPress Checklist 1.1.9 - Cross-Site Scripting author: daffainfo severity: medium description:...

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

AvantFAX 3.3.3 - Cross-Site Scripting

AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. id: CVE-2017-18024 info: name: AvantFAX 3.3.3 - Cross-Site Scripting author: pikpikc...

WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal

WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in downloadaudio.php that allows remote attackers to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2015-4414 info: name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversa...

Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion

A directory traversal vulnerability in the givesight PowerMail Pro compowermail component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1532 info: name: Joomla!...

Tarantella Enterprise <3.11 - Local File Inclusion

Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion. id: CVE-2018-19753 info: name: Tarantella Enterprise 3.11 - Local File Inclusion author: 0xAkoko severity: high description: | Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion...

LISTSERV 17 - Cross-Site Scripting

LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the "c" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2022-39195 info: name:...

Nortek Linear eMerge E3-Series - Cross-Site Scripting

There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user. id: CVE-2022-31798 info: name: Nortek Linear eMerge E3-Series - Cross-Site Scripting author: ritikchaddha severity: medium description: |...

WordPress WPvivid Backup <0.9.76 - Local File Inclusion

WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...