
19 matches found

CNNVD
added 2026/05/06 12:0 a.m. · 4 views

Zabbix Cross-Site Scripting Vulnerability

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has a cross-site scripting vulnerability. This vulnerability arises because non-super administrators who have...

7.3 CVSS · 5.8 AI score · 0.00074 EPSS
Exploits 0 · References 1

NVD
added 2026/03/18 4:16 p.m. · 1 view

CVE-2025-55041

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management cUsers.cfc addToGroup method that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

8 CVSS · 0.00024 EPSS
Exploits 0 · References 2

CVE
added 2026/03/18 12:0 a.m. · 5 views

CVE-2025-55041

CVE-2025-55041 affects MuraCMS up to version 10.1.10. The vulnerability is a CSRF flaw in the Add To Group function for user management (cUsers.cfc addToGroup) that processes userId and groupId via getUserManager().createUserInGorup() without CSRF token validation. This enables a forged request t...

8 CVSS · 5.9 AI score · 0.00024 EPSS
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2025/11/19 2:10 p.m. · 3 views

CVE-2025-59111

Windu CMS is vulnerable to Broken Access Control in user editing functionality. A malicious attacker can send a GET request which allows privileged users to delete Super Admins, which is not possible with the GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4...

6.9 CVSS · 6.8 AI score · 0.00048 EPSS
Exploits 0 · References 1

NVD
added 2025/11/18 3:16 p.m. · 1 view

CVE-2025-59111

Windu CMS is vulnerable to Broken Access Control in user editing functionality. A malicious attacker can send a GET request which allows privileged users to delete Super Admins, which is not possible with the GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4...

6.9 CVSS · 0.00048 EPSS
Exploits 0 · References 2

OSV
added 2025/11/18 3:16 p.m. · 0 views

CVE-2025-59111

Windu CMS is vulnerable to Broken Access Control in user editing functionality. A malicious attacker can send a GET request which allows privileged users to delete Super Admins, which is not possible with the GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4...

6.5 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/11/18 1:26 p.m. · 2 views

CVE-2025-59111 Broken Access Control in Windu CMS

Windu CMS is vulnerable to Broken Access Control in user editing functionality. A malicious attacker can send a GET request which allows privileged users to delete Super Admins, which is not possible with the GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4...

6.9 CVSS · 6 AI score · 0.00048 EPSS
Exploits 0 · References 2

Cvelist
added 2025/11/18 1:26 p.m. · 10 views

CVE-2025-59111 Broken Access Control in Windu CMS

Windu CMS is vulnerable to Broken Access Control in user editing functionality. A malicious attacker can send a GET request which allows privileged users to delete Super Admins, which is not possible with the GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4...

6.9 CVSS · 0.00048 EPSS
Exploits 0 · References 2

CVE
added 2025/11/18 1:26 p.m. · 7 views

CVE-2025-59111

CVE-2025-59111 : Windu CMS is affected by Broken Access Control in the user editing functionality. A privileged attacker can issue a GET request to delete Super Admins, an action not possible via the GUI. The issue has been tested only on version 4.1 and is fixed in version 4.1 build 2250. Other ...

6.9 CVSS · 6 AI score · 0.00048 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/11/18 12:0 a.m. · 2 views

PT-2025-47309

Name of the Vulnerable Software and Affected Versions: Windu CMS version 4.1; Windu CMS affected versions not specified. Description: Windu CMS has a flaw related to access control in the user editing feature. An attacker with sufficient privileges can send a GET request to delete Super Admins, a...

6.9 CVSS · 6.6 AI score · 0.00048 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/08/03 12:0 a.m. · 2 views

PT-2024-38240 · WordPress · Jetformbuilder

Name of the Vulnerable Software and Affected Versions: JetFormBuilder plugin for WordPress versions up to, and including, 3.3.4.1 Description: The issue is related to improper restriction on user meta fields, allowing authenticated attackers with administrator-level and above permissions to...

7.2 CVSS · 7.3 AI score · 0.00212 EPSS
Exploits 0 · References 6

OSV
added 2024/06/11 3:16 p.m. · 0 views

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

4.4 CVSS · 7.1 AI score
Exploits 0 · References 1

Fortinet
added 2017/12/08 12:0 a.m. · 27 views

SSL VPN Web Portal user credentials may be leaked to super_admins

An admin user with superadmin privileges i.e. with a superadmin profile may view the current sslvpn web portal session info, using the fnsysctl CLI command. This info includes user credentials...

4 CVSS · 2.1 AI score · 0.00346 EPSS
Exploits 0 · Affected Software 1

0day.today
added 2016/11/19 12:0 a.m. · 18 views

Post Indexer 3.0.6.1 SQL Injection Vulnerability

Post Indexer version 3.0.6.1 suffers from a remote SQL injection vulnerability. Details ================ Software: Post Indexer Version: 3.0.6.1 Homepage: http://premium.wpmudev.org/project/post-indexer/ Advisory report:...

8.1 AI score
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. · 69 views

CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins

Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...

3.5 CVSS · 0.8 AI score · 0.00501 EPSS
Exploits 2

0day.today
added 2015/08/27 12:0 a.m. · 28 views

WordPress YouTube Embed 3.3.2 Cross Site Scripting Vulnerability

WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability. Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium;...

3.5 CVSS · 5.9 AI score · 0.00501 EPSS
Exploits 2

Packet Storm
added 2015/08/26 12:0 a.m. · 49 views

WordPress YouTube Embed 3.3.2 Cross Site Scripting

Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...

3.5 CVSS · 6.7 AI score · 0.00501 EPSS
Exploits 2

Packet Storm
added 2009/04/01 12:0 a.m. · 14 views

VirtueMart 1.1.2 SQL Injection

require 'msf/core' class Metasploit3 'VirtueMart %q This module exploits VirtueMart 'Janek Vind "waraxe" ', 'License' = MSFLICENSE, 'Version' = '1.0', 'References' = 'BID', '33480', 'URL', 'http://www.waraxe.us/advisory-71.html', 'URL', 'http://secunia.com/advisories/33671/' , 'DisclosureDate' =...

1 AI score
Exploits 0

Exploit DB
added 2009/03/31 12:0 a.m. · 24 views

VirtueMart 1.1.2 - SQL Injection (Metasploit)

require 'msf/core' class Metasploit3 'VirtueMart %q This module exploits VirtueMart 'Janek Vind "waraxe" ', 'License' = MSFLICENSE, 'Version' = '1.0', 'References' = 'BID', '33480', 'URL', 'http://www.waraxe.us/advisory-71.html', 'URL', 'http://secunia.com/advisories/33671/' , 'DisclosureDate' =...

7.4 AI score
Exploits 0