Lucene search
K

175 matches found

seebug.org
seebug.org
added 2016/03/08 12:0 a.m.23 views

wordpress comment-rating-plugin edit-comments.php文件tab参数跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/01/30 12:0 a.m.37 views

WordPress Comment Rating 1.5.0 Cross Site Scripting

FULL DISCLOSURE Product : wp-comment-rating Exploit Author : Rahul Pratap Singh Version : 1.5.0 Home page Link : http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710 Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 30/Jan/2016 XSS...

7.4AI score
Exploits0
CNVD
CNVD
added 2015/12/01 12:0 a.m.5 views

Calls to Action WordPress Plugin Reflective Cross-Site Scripting Vulnerability

Calls to Action is a plugin for calling events on WordPress sites. Calls to Action 2.4.3 and earlier versions do not effectively filter the "open-tab" HTTP GET parameter value and the "wp-cta-variation-id" HTTP GET parameter value, which allows an unauthenticated, remote attacker to trick...

6.1CVSS6.8AI score0.02645EPSS
Exploits3References1
CNVD
CNVD
added 2015/08/19 12:0 a.m.5 views

WordPress GD bbPress Attachments Plugin Directory Traversal Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL server to set up a personal blog site. gd bbPress Attachments is one of the support for uploading attachments to the bbPress open-source forum progra...

4CVSS6.8AI score0.01806EPSS
Exploits1References1
NVD
NVD
added 2015/08/18 5:59 p.m.24 views

CVE-2015-5481

Cross-site scripting XSS vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...

4.3CVSS5.8AI score0.02055EPSS
Exploits1References5
Prion
Prion
added 2015/08/18 5:59 p.m.13 views

Directory traversal

Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. dot dot in the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...

4CVSS7.7AI score0.01806EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2015/08/18 5:59 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...

4.3CVSS6.3AI score0.02055EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2015/08/18 5:0 p.m.24 views

CVE-2015-5481

Cross-site scripting XSS vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...

5.8AI score0.02055EPSS
Exploits1References5
CVE
CVE
added 2015/08/18 5:0 p.m.36 views

CVE-2015-5481

The CVE-2015-5481 entry documents a Cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. Affects versions prior to 2.3, vulnerable code resides in forms/panels.php where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...

4.3CVSS6AI score0.02055EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2015/07/02 12:0 a.m.2 views

Novius OS Directory Traversal Vulnerability

Novius OS is an open source PHP-based content management system CMS. A directory traversal vulnerability exists in Novius OS version 5.0.1. A remote attacker can use the directory traversal character '...' in the 'tab' parameter of the novius-os/admin/ URI to The vulnerability can be exploited to...

7.5CVSS7.3AI score0.07142EPSS
Exploits2References1
Cvelist
Cvelist
added 2013/09/26 3:0 p.m.57 views

CVE-2013-4626

Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...

5.7AI score0.02058EPSS
Exploits3References5
Prion
Prion
added 2008/10/06 7:56 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...

4.3CVSS6.2AI score0.01445EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2008/09/02 3:41 p.m.16 views

Sql injection

Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow 1 remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and 2 remote authenticated administrators to execute arbitrary SQL commands via the userid parameter in a viewus...

6CVSS8.8AI score0.00931EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2008/03/20 10:44 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in Multiple Time Sheets MTS 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to 1 index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or 2 clientinfo.php, 3 invoices.ph...

4.3CVSS6.2AI score0.01776EPSS
Exploits1References7
NVD
NVD
added 2008/03/20 10:44 a.m.21 views

CVE-2008-1414

Cross-site scripting XSS vulnerability in Multiple Time Sheets MTS 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to 1 index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or 2 clientinfo.php, 3 invoices.ph...

4.3CVSS5.7AI score0.01776EPSS
Exploits1References7
Rows per page
Query Builder