13 matches found
CVE-2026-45154
Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...
EUVD-2026-33673
Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...
CVE-2026-45154 Nextcloud: Improper Access Control in Collectives
Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...
CVE-2026-45154 Nextcloud: Improper Access Control in Collectives
Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...
PT-2026-45470
Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...
openSUSE Security Update : nextcloud (openSUSE-2020-1652)
This update for nextcloud fixes the following issues : nextcloud version 20.0.0 fix some security issues : - NC-SA-2020-037 PIN for passwordless WebAuthm is asked for but not verified - NC-SA-2020-033 CVE-2020-8228 Missing rate limit on signup page - NC-SA-2020-029 CVE-2020-8233, boo1177346...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:1652-1 Rating: moderate References: 1171572 1171579 1177346 Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1...
WordPress Trashbin Plugin 0.1 'mtb_undelete' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37097/info The Trashbin plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...
WordPress Trashbin Plugin 0.1 - Cross-Site Scripting Vulnerability
Trashbin plugin is prone to a cross-site scripting vulnerability. Application fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication...
WordPress Plugin Trashbin 0.1 - mtb_undelete Cross-Site Scripting
WordPress Plugin Trashbin 0.1 - mtbundelete Cross-Site Scripting source: https://www.securityfocus.com/bid/37097/info The Trashbin plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage...
WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37097/info The Trashbin plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Trashbin plugin for Wordpress: crossite scripting...
Vulnerability in Trashbin
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в Trashbin плагине для WordPress. Уязвимость в скрипте trashbin.php в параметре mtbundelete. XSS: http://site/wp-admin/edit.php?page=mtbtrashbin/trashbin.php&mtbundelete=273E3Cscript3Ealertdocument.cookie3C/script3E...