5 matches found
WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Smart Notification versions = 10.3...
GHSA-22Q5-9PHM-744V XWiki allows unregistered users to access private pages information through REST endpoint
Impact Protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the...
CVE-2025-29925 XWiki allows unregistered users to access private pages information through REST endpoint
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent...
CVE-2024-5524
Information exposure vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows unregistered users to access all internal links of the application without providing any credentials...
Astrotalks Information Disclosure Vulnerability
Astrotalks is a free online astrological prediction website from Astrotalks India. An information disclosure vulnerability exists in Astrotalks version 10/03/2023, which stems from allowing unregistered users to access all internal links of the application without providing any credentials...