5 matches found
EUVD-2007-1616
Malware in sbrugna...
LimeSurvey 5.6.34-230816 has a storage based XSS vulnerability caused by importManifest
Description A regular user with "theme" privileges who maliciously sets the "templatename" during the importManifest process can lead to a stored Cross-Site Scripting XSS vulnerability. Proof of Concept The first step is to create a user with only 'theme' permission. Log in to this user and make ...
DEBIAN-CVE-2007-1622
Cross-site scripting XSS vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATHINFO in the administration interface, related to loose...
CVE-2007-1622
Cross-site scripting XSS vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATHINFO in the administration interface, related to loose...
CVE-2007-1622
Cross-site scripting XSS vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATHINFO in the administration interface, related to loose...