11 matches found
PT-2026-42667
Name of the Vulnerable Software and Affected Versions: Crawlee versions 1.0.0 through 1.6.9. Description: Crawlee is subject to a blind Server-Side Request Forgery (SSRF) when processing sitemap-derived URLs or robots.txt directives. The issue occurs when an attacker-controlled sitemap or robots.txt...
Page Replica Code Issue Vulnerability
Page Replica is an open-source tool for web content extraction and structured processing developed by Page Replica. Versions of Page Replica e4a7f52e75093ee318b4d5a9a9db6751050d2ad0 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the parameter url in th...
WordPress plugin Google XML News Sitemap plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2022-3835 Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS
The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
GHSA-969V-MWP3-4MR3 Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary P...
Alkacon Software OpenCms Cross-Site Scripting Vulnerability
Alkacon Software OpenCms is a professional, open source, easy-to-use web content management system from Alkacon Software, Germany. A cross-site scripting vulnerability exists in Alkacon Software OpenCMS versions 10.5.0 through 11.0.2, which allows a user with a low-privileged application to store...
See how I exploit changes in Google search ranking-loophole warning-the black bar safety net
Just by registering a domain name for $12, I will be able to achieve, in Google search results, the same ad rank as Amazon, Wal-Mart and other high-value keywords. From the point of view of Google AdWords, Google's paid advertising for businesses, keywords such as Amazon and Walmart...
travertinewines.com.au XSS vulnerability
Open Bug Bounty ID: OBB-500686. Affected Website: travertinewines.com.au; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Disclosure Standard: Coordinated...
classiccollectionsgiftshop.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-230195. Affected Website: classiccollectionsgiftshop.co.uk; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6....
meirionmill.co.uk XSS vulnerability
Vulnerable URL: http://www.meirionmill.co.uk/sitemap.jsp?a=test%22%27--!%3E%3CImage%0CSrcset%3DK%0COnerror%3DconfirmOPENBUGBOUNTY%0C Details: Patched: No; Latest check for patch: 31.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank...
SQL injection
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action...