506 matches found
📄 WordPress IndieWeb 4.0.5 Cross Site Scripting
WordPress IndieWeb plugin versions 4.0.5 and below suffers from persistent cross site scripting vulnerability. CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS in IndieWeb WordPress Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. Th...
OneUptime 访问控制错误漏洞
OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability. This vulnerability stemmed from the ability to access notification tests and telephone...
Microsoft Windows Telephony Server 安全漏洞
Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There are security vulnerabilities in Microsoft Windows Telephony Server...
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
CVE-2026-25858
The CVE-2026-25858 issue affects macrozheng mall up to version 1.0.3 where the mall-portal password reset flow exposes the OTP in the API response and authenticates requests solely by the OTP tied to a telephone number. An unauthenticated attacker can reset arbitrary user passwords using only a k...
CVE-2025-14893
The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...
CVE-2019-20031
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface TUI, effectively allowing brute force attacks...
CVE-2025-14893
The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...
CVE-2025-14893 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter
The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...
CVE-2025-14893
CVE-2025-14893 : The IndieWeb WordPress plugin is vulnerable to a stored XSS via the Telephone parameter in all versions up to 4.0.5, with exploitation limited to authenticated attackers holding at least author-level access. The vulnerability allows injection of arbitrary scripts that run when us...
PT-2026-1757
Name of the Vulnerable Software and Affected Versions IndieWeb plugin for WordPress versions through 4.0.5 Description The IndieWeb plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the Telephone...
WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...
CVE-2025-14710
A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...
CVE-2025-14710
A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...
CVE-2025-14710
A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...
CVE-2025-14710 FantasticLBP Hotels Server OrderList.php sql injection
A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...
CVE-2025-14710 FantasticLBP Hotels Server OrderList.php sql injection
A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...
CVE-2025-14710
The connected Red Hat/CVE and NVD entries confirm CVE-2025-14710 affects FantasticLBP Hotels Server, specifically a SQL injection in /controller/api/OrderList.php via the telephone parameter. Exploitation is remote and publicly available, with the issue tied to a rolling-release deployment where ...