Lucene search
+L

72 matches found

Prion
Prion
added 2020/06/12 4:15 p.m.21 views

Design/Logic Flaw

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

3.5CVSS4.4AI score0.02747EPSS
Exploits0References8Affected Software3
UbuntuCve
UbuntuCve
added 2020/06/12 4:15 p.m.23 views

CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

3.5CVSS6.5AI score0.02747EPSS
Exploits0References5
OSV
OSV
added 2020/06/12 4:15 p.m.5 views

UBUNTU-CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

2.4CVSS6.6AI score0.02747EPSS
Exploits0References6
CVE
CVE
added 2020/06/12 4:0 p.m.206 views

CVE-2020-4049

CVE-2020-4049 affects WordPress: when uploading a theme, an attacker who has admin privileges can craft the theme folder name to trigger JavaScript execution in /wp-admin on the themes page. It is described as a low-severity self-XSS requiring admin interaction. A patch is available in WordPress ...

3.5CVSS5.1AI score0.02747EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2020/06/12 4:0 p.m.34 views

CVE-2020-4049 Authenticated self-XSS via theme uploads in WordPress

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

2.4CVSS5.1AI score0.02747EPSS
Exploits0References8
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.27 views

WordPress < 5.4.2 - Authenticated Stored XSS via Theme Upload

Description An authenticated user could upload a purposely broken theme and then change the theme's directory name with a Cross-Site Scripting XSS payload. When WordPress warns the user about the broken theme, the XSS payload is then executed. This vulnerability would be difficult to exploit by a...

3.5CVSS4.6AI score0.02747EPSS
Exploits0References4
NVD
NVD
added 2019/03/05 2:29 p.m.10 views

CVE-2019-9572

SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...

7.2CVSS7.2AI score0.02031EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/03/05 2:0 p.m.13 views

CVE-2019-9572

SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...

7.2AI score0.02031EPSS
Exploits1References1
Prion
Prion
added 2017/11/25 5:29 a.m.20 views

Design/Logic Flaw

DISPUTED October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file...

6.5CVSS8.7AI score0.01559EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/02/09 3:59 p.m.3 views

CVE-2016-8494

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme...

7.2CVSS6.3AI score0.0147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2017/02/09 3:0 p.m.9 views

CVE-2016-8494

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme...

8AI score0.0147EPSS
Exploits0References2
myhack58
myhack58
added 2016/10/16 12:0 a.m.24 views

WordPress <= 4.6.1 use the theme file to trigger stored XSS vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r know Chong Yu 4 0 4 Security lab Date: 2016-10-08 0x00 vulnerability overview 1. Vulnerability description WordPress is a PHP and MySQL as a platform free and open source blogging software and content management systems, recently researchers found that in their=4.6.1 version, by...

6.9AI score
Exploits0
Rows per page
Query Builder