WordPress plugin YourChannel 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

PT-2023-17296 · WordPress · Yourchannel

Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows unauthenticated attackers to...

Cross site scripting

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...

Codiad 信息泄露漏洞

Codiad is a website builder from the Codiad team that provides Web-based IDE functionality. An information disclosure vulnerability exists in Codiad version 2.8.0, which stems from a problem with the saveJSON function in the file components/install/process.php, where manipulation of the parameter...

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

WordPress plugin JetWidgets for Elementor 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin JetWidgets...

Privilege Escalation

DSInternals is vulnerable to privilege escalation. The vulnerability exists in the save function of RoamedCredential.cs because invalid characters are not properly parsed in windows roaming credential service which allows an attacker to write files on the file system with elevate privileges...

PT-2022-23081 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when Save or SaveSlices is run over tensors of an unsupported...

Path Traversal

django is vulnerable to path traversal. The vulnerability exists in the save function in storage.py as it does not properly validate the filenames, allowing an attacker to access files outside the expected directory through the crafted filenames...

CVE-2021-39347

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

Cross site scripting

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

CVE-2020-12670

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

CVE-2020-12670

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the usersave function with an explicit category and loads all roles into the array...

UBUNTU-CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the usersave function with an explicit category and loads all roles into the array...

Mao10CMS V3.3.0 两处sql注入（官网demo测试）

简要描述： V3.3.0 两处sql注入。 详细说明： 发现mao10 用的是老版本的tp框架，于是乎注入就来了。。 1 /Application/User/Controller/IndexController.class.php public function edit$id=false if!isnumeric$id $id = mcuserid; ; ifisnumeric$id ifmcuserid==$id ifmcremovehtml$POST'title','all' $title =...