11 matches found
CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...
EUVD-2022-2854
Malicious code in bioql PyPI...
Mahara 安全漏洞
Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 24.04.1 and 23.04.6, which stems from an information disclosure that could cause an institutional administrator to view the current submission page unde...
Autolab 跨站脚本漏洞
Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A cross-site scripting vulnerability exists in Autolab version 3.0.1, which stems from the presence of an HTML injection vulnerability that could affect instructors and CAs ...
User Feedback < 1.0.14 - Unauthenticated Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execu...
HTML Forms < 1.3.25 - Admin+ SQLi
The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms&view=edit&formid=formID&tab=submissions Capture the...
Ninja Forms <= 3.3.19 - Authenticated Open Redirect
Open Redirect vulnerability in download submission page using URL parameter...
CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme MSA-17-0002: Incorrect sanitation of attributes in forums MSA-17-0003: PHPMailer vulnerability in no-reply address MSA-17-0004: XSS in assignment submission page...
Open Journal Systems (OJS) 2.3.6 - index.php?authors[][url] Cross-Site Scripting
Open Journal Systems OJS 2.3.6 - index.php?authorsurl Cross-Site Scripting source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletio...
Wordpress uCan Post plugin <= 1.0.09 Stored XSS
Exploit for php platform in category web applications Exploit Title: Wordpress uCan Post plugin window.alertdocument.cookie Email field is not sanitized but can it will check for a valid email address so the maximum result will be a reflected xss POC: email protected'"window.alertdocument.cookie...