Lucene search
K

136 matches found

OSV
OSV
added 2022/03/14 3:15 p.m.3 views

CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...

6.1CVSS6.5AI score0.00788EPSS
Exploits2References1
NVD
NVD
added 2022/03/14 3:15 p.m.21 views

CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...

6.1CVSS0.00788EPSS
Exploits2References1
CVE
CVE
added 2022/03/14 2:41 p.m.147 views

CVE-2022-22735

The CVE-2022-22735 entry describes a SQL injection vulnerability in WordPress Simple Quotation plugin (versions

8.8CVSS9AI score0.01297EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/03/14 2:41 p.m.90 views

CVE-2022-22734

The CVE-2022-22734 entry concerns the WordPress Simple Quotation plugin (versions

6.1CVSS6AI score0.00788EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/14 12:0 a.m.4 views

PT-2022-15652 · WordPress · Simple Quotation Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Simple Quotation WordPress plugin versions 1.3.2 and earlier Description: The issue is related to the lack of CSRF check when creating or editing a quote and the failure to sanitise and escape quotes. This allows an attacker to make a...

6.1CVSS5.9AI score0.00788EPSS
Exploits2References6
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.4 views

WordPress plugin Simple Quotation SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Quotation plugin is vulnerable to SQL injection, which can be exploited by an authenticated attacker ...

8.8CVSS5.9AI score0.01297EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.2 views

WordPress plugin 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Simple Quotation plugin version 1.3.2 and...

6.1CVSS5.2AI score0.00788EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.20 views

WordPress Simple Quotation plugin <= 1.3.2 - Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting (XSS)

Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This...

6.1CVSS2.7AI score0.00788EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.17 views

WordPress Simple Quotation plugin <= 1.3.2 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS3.4AI score0.01297EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.127 views

Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them alert/XSS-image/" / alert/XSS-quote/" /...

6.1CVSS0.2AI score0.00788EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2021/04/01 12:0 a.m.6 views

The vulnerability of server installers for Building Management Systems Enterprise Server and Enterprise Central on Windows operating systems allows a hacker to increase their privileges.

The vulnerability of server installers for Building Management Systems like Enterprise Server and Enterprise Central on Windows operating systems is related to the absence of quotation marks in the wording of search elements or paths. Exploiting this vulnerability can allow attackers to increase...

7CVSS7.1AI score0.00271EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.9 views

The vulnerability of the FortiSIEM Windows Agent security management system lies in the absence of quotation marks around elements or search paths in the code. This allows attackers to escalate their privileges.

The vulnerability of the FortiSIEM Windows Agent security management system is related to the absence of quotation marks in the syntax of certain elements or search paths. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

10CVSS7.7AI score0.01545EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2020/09/30 10:58 p.m.17 views

Open-Xchange: XSS - Notes - Attribute injection through overlapping tags

The Notes app uses simple markup language to format the content, which is later converted to HTML for display. javascript // frontend/ui/apps/io.ox/notes/parser.js parsePlainText: function text var lines = .escapetext.split/\n/, openList; ... var html = lines.join'' .replace/!\.?/g, ''...

0.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/08/06 12:0 a.m.5 views

The vulnerability of the Global Protect Agent for Windows’ security software suite lies in the lack of quotation marks in the code for elements or search paths, allowing attackers to gain system privileges.

The vulnerability of the Global Protect Agent for Windows software lies in the absence of quotation marks in the code for elements or search paths. Exploiting this vulnerability can allow an attacker to gain system privileges...

4.3CVSS6.7AI score0.0037EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2019/11/12 11:30 a.m.21 views

QIWI: Слив какого-то access токена

An error occurred while specifying quotation mark in the GET parameter userId https://api.qiwi.me/social-networks/vk?userId=lc%27 Error contained API Token of Piggibox Application from social network VKontakte. При добавлении кавычки в GET параметр userId...

0.7AI score
Exploits0
NVD
NVD
added 2019/10/31 4:15 p.m.22 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks...

9.8CVSS9.5AI score0.0123EPSS
Exploits0References1
Prion
Prion
added 2019/10/31 4:15 p.m.18 views

Information disclosure

burn allows file names to escape via mishandled quotation marks...

7.5CVSS7AI score0.0123EPSS
Exploits0References1Affected Software2
UbuntuCve
UbuntuCve
added 2019/10/31 4:15 p.m.45 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks...

9.8CVSS7.2AI score0.0123EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2019/10/31 4:15 p.m.2 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks...

9.8CVSS5.5AI score0.0123EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/31 3:28 p.m.26 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks...

9.5AI score0.0123EPSS
Exploits0References1
Rows per page
Query Builder