175 matches found
wordpress comment-rating-plugin edit-comments.php文件tab参数跨站脚本漏洞
No description provided by source...
WordPress Comment Rating 1.5.0 Cross Site Scripting
FULL DISCLOSURE Product : wp-comment-rating Exploit Author : Rahul Pratap Singh Version : 1.5.0 Home page Link : http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710 Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 30/Jan/2016 XSS...
Calls to Action WordPress Plugin Reflective Cross-Site Scripting Vulnerability
Calls to Action is a plugin for calling events on WordPress sites. Calls to Action 2.4.3 and earlier versions do not effectively filter the "open-tab" HTTP GET parameter value and the "wp-cta-variation-id" HTTP GET parameter value, which allows an unauthenticated, remote attacker to trick...
WordPress GD bbPress Attachments Plugin Directory Traversal Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL server to set up a personal blog site. gd bbPress Attachments is one of the support for uploading attachments to the bbPress open-source forum progra...
CVE-2015-5481
Cross-site scripting XSS vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...
Directory traversal
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. dot dot in the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...
Cross site scripting
Cross-site scripting XSS vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...
CVE-2015-5481
Cross-site scripting XSS vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...
CVE-2015-5481
The CVE-2015-5481 entry documents a Cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. Affects versions prior to 2.3, vulnerable code resides in forms/panels.php where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...
Novius OS Directory Traversal Vulnerability
Novius OS is an open source PHP-based content management system CMS. A directory traversal vulnerability exists in Novius OS version 5.0.1. A remote attacker can use the directory traversal character '...' in the 'tab' parameter of the novius-os/admin/ URI to The vulnerability can be exploited to...
CVE-2013-4626
Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...
Cross site scripting
Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...
Sql injection
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow 1 remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and 2 remote authenticated administrators to execute arbitrary SQL commands via the userid parameter in a viewus...
Cross site scripting
Cross-site scripting XSS vulnerability in Multiple Time Sheets MTS 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to 1 index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or 2 clientinfo.php, 3 invoices.ph...
CVE-2008-1414
Cross-site scripting XSS vulnerability in Multiple Time Sheets MTS 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to 1 index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or 2 clientinfo.php, 3 invoices.ph...