192 matches found
Cross site scripting
Multiple Authenticated Reflected Cross-Site Scripting XSS vulnerabilities in WordPress Awesome Support plugin versions = 6.0.6, vulnerable parameters &id, &assignee...
CVE-2021-36919 WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Reflected Cross-Site Scripting XSS vulnerabilities in WordPress Awesome Support plugin versions = 6.0.6, vulnerable parameters &id, &assignee...
WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Reflected Cross-Site Scripting XSS vulnerabilities were discovered by Ex.Mi in WordPress Awesome Support plugin versions = 6.0.6. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.0.7...
CVE-2021-24623
The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability i...
Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
Description The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues Edit WPScanTeam: - The original report mentioned the issue...
Unspecified Vulnerability in CloudBees Jenkins TestComplete support Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . TestComplete support Plugin is used in one of the un...
WordPress Awesome Support plugin <= 5.8.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by 0xPablito in WordPress Awesome Support plugin versions = 5.8.2. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.0.0...
CloudBees Jenkins Alauda Kubernetes Suport Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CVE-2019-16576
CVE-2019-16576 affects Jenkins Alauda Kubernetes Support Plugin (versions 2.3.0 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potenti...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
WordPress awesome-support plugin security feature issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. awesome-support is a helpdesk and ticketing system plugin used in it. The WordPress awesome-support plugin suffers from a security...
CVE-2015-9317
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages...
CVE-2015-9318
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies...
CVE-2015-9318
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies...
CVE-2015-9318
CVE-2015-9318 affects the WordPress plugin Awesome Support prior to 3.1.7. The vulnerability is that shortcodes are allowed in replies, stemming from the plugin’s handling of reply content. According to NVD, the issue has CVSS v2 base score 5.0 (MEDIUM) with impact on integrity while allowing net...
CVE-2017-18507
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS...
CVE-2017-18508
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS...