19 matches found
CVE-2025-10691
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...
EUVD-2014-2939
Malware in sbrugna...
JetBrains TeamCity Subscription Page Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
SUSE CVE-2009-3266
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed,...
Atlassian Jira Security Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. An access control error vulnerability exists in Atlassian Jira Server and Data Center due to an interruption access control vulnerability in /secure/EditSubscription.jspa, which can be exploited by a remote,...
Galette Cross-Site Scripting Vulnerability
Galette is an open source membership management web application for non-profit organizations. Galette suffers from a cross-site scripting vulnerability in versions prior to 0.9.5 that stems from a lack of checksum filtering of user-supplied and output data. An attacker could store malicious...
CVE-2021-38583
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp, hr/application.jsp and hr/index.jsp with view= and data=...
openBaraza HCM Cross-Site Scripting Vulnerability
openBaraza HCM is a comprehensive HR and Talent Management software solution that encompasses not only traditional core HR functionality, but also key aspects of Talent Management. A cross-site scripting vulnerability exists in openBaraza HCM that stems from openBaraza HCM not properly escaping...
Forbes Becomes Latest Victim of Magecart Payment Card Skimmer
The payment card-siphoning Magecart group has struck again; this time injecting web-skimming scripts into the subscription website for the Forbes print magazine as well as a slew of others over the past week. The script, which has since been...
yowcanada.com XSS vulnerability
Open Bug Bounty ID: OBB-600919

Description| Value
---|---
Affected Website:| yowcanada.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
soyang.net XSS vulnerability
Open Bug Bounty ID: OBB-599613

Description| Value
---|---
Affected Website:| soyang.net
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
gohomeltd.com XSS vulnerability
Vulnerable URL: http://www.gohomeltd.com/Store/Subscription.asp?ResponseID=1"...
CVE-2014-2916
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/...
CVE-2014-2916
CVE-2014-2916 affects phpList’s subscription page editor (spageedit) up to version 3.0.6. The issue is a Cross-site request forgery (CSRF) that enables an attacker to hijack an administrator’s session via a request to admin/. The vulnerability is triggered through authenticated admin actions, ena...
CVE-2014-2916
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/...
FreeBSD : opera -- multiple vulnerabilities (2fda6bd2-c53c-11de-b157-001999392805)
Opera Team Reports:
- Fixed an issue where certain domain names could allow execution of arbitrary code, as reported by Chris Weber of Casaba Security
- Fixed an issue where scripts can run on the feed subscription page, as reported by Inferno
Unfixed XSS vulnerability at www.mobilemag.com
Security researcher InSiDe submitted on 23/05/2007 a cross-site scripting (XSS) vulnerability affecting www.mobilemag.com, which at the time of submission ranked 27287 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/05/2007. It is current...