19 matches found
CVE-2024-42632
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add...
PT-2024-30083 · Frog Cms · Frog Cms
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5. Description: A Cross-Site Request Forgery (CSRF) issue was found in FrogCMS. The vulnerability can be exploited via the "/admin/?/page/add" API endpoint. Recommendations: For FrogCMS version 0.9.5, consider disabling acces...
CVE-2024-42632
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add...
CVE-2021-24619
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-24619 Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-24619
The CVE-2021-24619 refers to the WordPress Per Page Add to Head plugin (
CVE-2021-24586
CVE-2021-24586 affects the WordPress plugin “Per page add to head” (versions before 1.4.4). The vulnerability arises from a lack of CSRF protection when saving settings, enabling a logged-in admin’s actions to be manipulated. The plugin also allows arbitrary HTML to be inserted in one setting, cr...
CVE-2021-24586 Per Page Add to Head < 1.4.4 - CSRF to Stored XSS
The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings features mentioned by the plugin, this...
Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues. Note: The plugin is no longer maintained. Put the following payload in t...
Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues. Note: The plugin is no longer maintained. PoC: Put the following payload ...
WordPress Per page add to head plugin <= 1.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Prashant Karman Patel in WordPress Per page add to head plugin versions <= 1.4.4. Solution: This plugin has been closed as of June 7, 2021 and is not available for download. Reason: Security Issue...
CXUUCMS Cross-Site Request Forgery Vulnerability
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. CXUUCMS 3.1 suffers from a cross-site request forgery vulnerability. An attacker can add an administrator account via admin.php?c=adminuser&a=add to exploit this vulnerability...
CVE-2020-35346
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
CVE-2018-15842
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...
Cross-Site Request Forgery (CSRF)
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request...
CVE-2018-13340
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request...
CVE-2018-13340
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request...
CVE-2018-13340
Gleez CMS 1.2.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability. Multiple connected sources describe the vulnerability and its impact: an unauthenticated CSRF condition can trigger a /page/add operation, enabling creation of new pages (and logs in at least one report). The CNVD e...
Intermittent Session Lost During Add/Edit Page in Firefox
We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using Firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...