136 matches found
CVE-2022-22734
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...
CVE-2022-22734
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...
CVE-2022-22735
The CVE-2022-22735 entry describes a SQL injection vulnerability in WordPress Simple Quotation plugin (versions
CVE-2022-22734
The CVE-2022-22734 entry concerns the WordPress Simple Quotation plugin (versions
PT-2022-15652 · WordPress · Simple Quotation Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Simple Quotation WordPress plugin versions 1.3.2 and earlier Description: The issue is related to the lack of CSRF check when creating or editing a quote and the failure to sanitise and escape quotes. This allows an attacker to make a...
WordPress plugin Simple Quotation SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Quotation plugin is vulnerable to SQL injection, which can be exploited by an authenticated attacker ...
WordPress plugin 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Simple Quotation plugin version 1.3.2 and...
WordPress Simple Quotation plugin <= 1.3.2 - Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting (XSS)
Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This...
WordPress Simple Quotation plugin <= 1.3.2 - SQL injection (SQLi) vulnerability
SQL injection SQLi vulnerability discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This closure is temporary, pending a full review...
Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting
The plugin does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them alert/XSS-image/" / alert/XSS-quote/" /...
The vulnerability of server installers for Building Management Systems Enterprise Server and Enterprise Central on Windows operating systems allows a hacker to increase their privileges.
The vulnerability of server installers for Building Management Systems like Enterprise Server and Enterprise Central on Windows operating systems is related to the absence of quotation marks in the wording of search elements or paths. Exploiting this vulnerability can allow attackers to increase...
The vulnerability of the FortiSIEM Windows Agent security management system lies in the absence of quotation marks around elements or search paths in the code. This allows attackers to escalate their privileges.
The vulnerability of the FortiSIEM Windows Agent security management system is related to the absence of quotation marks in the syntax of certain elements or search paths. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
Open-Xchange: XSS - Notes - Attribute injection through overlapping tags
The Notes app uses simple markup language to format the content, which is later converted to HTML for display. javascript // frontend/ui/apps/io.ox/notes/parser.js parsePlainText: function text var lines = .escapetext.split/\n/, openList; ... var html = lines.join'' .replace/!\.?/g, ''...
The vulnerability of the Global Protect Agent for Windows’ security software suite lies in the lack of quotation marks in the code for elements or search paths, allowing attackers to gain system privileges.
The vulnerability of the Global Protect Agent for Windows software lies in the absence of quotation marks in the code for elements or search paths. Exploiting this vulnerability can allow an attacker to gain system privileges...
QIWI: Слив какого-то access токена
An error occurred while specifying quotation mark in the GET parameter userId https://api.qiwi.me/social-networks/vk?userId=lc%27 Error contained API Token of Piggibox Application from social network VKontakte. При добавлении кавычки в GET параметр userId...
CVE-2009-5043
burn allows file names to escape via mishandled quotation marks...
Information disclosure
burn allows file names to escape via mishandled quotation marks...
CVE-2009-5043
burn allows file names to escape via mishandled quotation marks...
CVE-2009-5043
burn allows file names to escape via mishandled quotation marks...
CVE-2009-5043
burn allows file names to escape via mishandled quotation marks...