2429 matches found
CVE-2024-41241
A Reflected Cross Site Scripting XSS vulnerability was found in " /smsa/adminlogin.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter...
Kashipara Responsive School Management System 安全漏洞
Kashipara Responsive School Management System is a school management system from Kashipara. A security vulnerability exists in Kashipara Responsive School Management System version v3.2.0, which stems from an incorrect access control vulnerability contained in the /smsa/viewstudents.php file...
CVE-2024-7461 ForIP Tecnologia Administração PABX monitcallcenter authMonitCallcenter sql injection
A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may...
CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...
CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...
PT-2024-24541 · WordPress · Superfly Responsive Menu
Name of the Vulnerable Software and Affected Versions: WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress versions up to and including 5.0.29 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the ajax handle...
WordPress plugin Superfly Responsive Menu 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-7334 TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow
A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed t...
CVE-2024-7127
CVE-2024-7127 describes an XSS flaw in Stackposts Social Marketing Tool caused by improper neutralization of input during web page generation. Submitting a payload in the username at registration can be executed later in the application panel, potentially leading to unauthorized disclosure of inf...
WordPress Responsive Tabs plugin <= 4.0.8 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Responsive Tabs versions = 4.0.8...
CVE-2024-4096
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-4096
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-4096 Responsive Tabs <= 4.0.8 - Contributor+ Stored XSS
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-4096 Responsive Tabs <= 4.0.8 - Contributor+ Stored XSS
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-7212
A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The...
WordPress plugin Responsive Tabs 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-29175 · WordPress · Responsive Tabs
Name of the Vulnerable Software and Affected Versions: Responsive Tabs WordPress plugin versions 4.0.8 and earlier Description: The issue allows high privilege users, such as Contributors and above, to perform Stored Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some ...
WordPress Responsive Tabs Plugin <= 4.0.8 is vulnerable to Cross Site Scripting (XSS)
Software Responsive Tabs Type Plugin Vulnerable versions = 4.0.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4096 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d75c9df585a3 Credits Krugov Aryom Required...
CVE-2024-7184
A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely...
CVE-2024-7179
CVE-2024-7179 affects TOTOLINK A3600R 4.1.2cu.5182_B20201102. The issue lies in the function setParentalRules within /cgi-bin/cstecgi.cgi , where manipulation of the arguments startTime/endTime enables a buffer overflow . The vulnerability can be exploited remotely over the network; exploitation ...