7 matches found
CVE-2023-1430
CVE-2023-1430 affects the FluentCRM plugin for WordPress. The vulnerability arises from using an MD5 hash without a salt to authorize unsubscription and subscription management, allowing unauthenticated attackers (with knowledge of a subscriber’s email) to unsubscribe or modify subscriptions. Aff...
WordPress Plugin FluentCRM - Marketing Automation Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
UBUNTU-CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...
Radancy: Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl
Domain and URL: https://mijn.werkenbijdefensie.nl/activiteiten/bezocht
Summary: Possible to unsubscribe from activities/events using CSRF
Description: It is possible to unsubscribe a logged-in user from any subscribed events. The unsubscribe is done by a GET-call which is of course not protected ...
readyhosting.com XSS vulnerability
Vulnerable URL: http://www.readyhosting.com/utils/UnSubscribeMe.bml?Name=JUSTXSSS=EstrellaWarBirdsNews="
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 219234
VIP website status: | ...
CVE-2008-6047
Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing...