GHSA-PWGG-R6FQ-MF94 YOURLS Stored Cross Site Scripting (XSS)

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

YOURLS Stored Cross Site Scripting (XSS)

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

org.jenkins-ci.plugins:php (=1.0) potentially affected by CVE-2017-1000103 via org.jvnet.hudson.plugins:dry (=2.33)

org.jvnet.hudson.plugins:dry MAVEN version =2.33 is affected by a known vulnerability. The following packages have a transitive dependency on org.jvnet.hudson.plugins:dry and may be impacted: - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2017-1000103 Source advisory: OSV:GHSA-63CJ-3R94-234V...

org.jenkins-ci.plugins:php (=1.0) potentially affected by CVE-2018-1000010 via org.jvnet.hudson.plugins:dry (=2.33)

org.jvnet.hudson.plugins:dry MAVEN version =2.33 is affected by a known vulnerability. The following packages have a transitive dependency on org.jvnet.hudson.plugins:dry and may be impacted: - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2018-1000010 Source advisory: OSV:GHSA-X7QF-QH3R-MX22...

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2018-1000009 via org.jvnet.hudson.plugins:checkstyle (>=3.32 <=3.43)

org.jvnet.hudson.plugins:checkstyle MAVEN version =3.32, =1.7.2, =1.0.0, =1.7.1 - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2018-1000009 Source advisory: OSV:GHSA-JFJ9-7J5W-6XGX...

CVE-2020-27388

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

CVE-2020-27388

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

Cross site scripting

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

CVE-2020-27388

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

CVE-2011-1135

Cross-Site Scripting XSS in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php...

WordPress insert-php plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress insert-php plugin versions prior to 2.2.8. The...

Design/Logic Flaw

The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...

CVE-2019-16289

The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...

Wordpress Support Board 1.2.3 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://schiocco.com/ Software Link : https://board.support/ Software : Support Board - Chat And Help Desk Version :...

WordPress Strong Testimonials 2.31.4 Cross Site Scripting

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-007 Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPre...

[SECURITY] [DSA 4142-1] uwsgi security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4142-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 17, 2018 https://www.debian.org/security/faq -...

uWSGI 2.0.17 - Directory Traversal

uWSGI 2.0.17 - Directory Traversal Exploit Title: uWSGI PHP Plugin Directory Traversal Date: 01-03-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin...

uWSGI &lt; 2.0.17 - Directory Traversal

Exploit Title: uWSGI PHP Plugin Directory Traversal Date: 01-03-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin before 2.0.17 Tested on: uWSGI 2.0.12...

WordPress 4.7.0 / 4.7.1 Plugin Insert PHP - PHP Code Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage:...

WordPress plugin Foxypress uploadify.php Arbitrary Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...