40 matches found
CVE-2025-60136 WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...
CVE-2025-60136 WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...
CVE-2025-60136
CVE-2025-60136 is a Stored XSS vulnerability in WordPress plugin User Notes (versions up to 1.0.2). It arises from improper input neutralization during web page generation. The CVSS 3.1 score is 5.9 (Medium) with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L; exploit requires high privileges and use...
PT-2025-39579
Name of the Vulnerable Software and Affected Versions cartpauj User Notes versions through 1.0.2 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to inje...
WordPress plugin User Notes 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...
GHSA-GHX2-6V4G-9WMM usememos/memos makes Incorrect Use of Privileged APIs
In usememos/memos 0.9.0 and prior, a user with login permission can delete all notes of the whole application via API DELETE https://demo.usememos.com/api/memo/$idnote. The vulnerability will lose all user notes data throughout the system, causing damage to user data...
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
Joomla! 3.7.x < 3.8.6 User Notes List View SQL Injection
According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...
Joomla! 3.5.x < 3.8.6 User Notes List View SQL Injection
According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...
Joomla! 3.8.x < 3.8.6 User Notes List View SQL Injection
According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...
Joomla! 3.6.x < 3.8.6 User Notes List View SQL Injection
According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...
Joomla内核SQL注入漏洞(CVE-2018-8045)
作者:绿盟科技 来源: CVE-2018-8045 漏洞简介 漏洞具体情况可参见绿盟科技安全威胁周报-201812周 Joomla! Core SQL注入漏洞: NSFOCUS ID:39158 CVE ID:CVE-2018-8045 受影响版本:Joomla! Joomla! 3.5.0-3.8.5 漏洞点评:Joomla是一套网站内容管理系统,使用PHP语言和MySQL数据库开发。Joomla! 3.5.0 -3.8.5版本对SQL语句内的变量缺少类型转换,导致User Notes列表视图内SQL注 入漏洞,可使攻击者访问或修改数据等。目前厂商已经发布了升级补丁,修复了这个...
Joomla! 3.5.0 < 3.8.6 User Notes List View SQL Injection
According to its self-reported version number, the Joomla! installation running on the remote web server is 3.5.0 or later but prior to 3.8.6. It is, therefore, affected by an SQL injection vulnerability. Note that Nessus has not attempted to exploit these issues but has instead relied only on th...
CVE-2018-8045
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...
CVE-2018-8045
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...
Sql injection
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...
Joomla User Notes List View SQL Injection
SQL Injection vulnerability in Joomla filtercategoryid parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
CVE-2018-8045
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...
CVE-2018-8045
CVE-2018-8045 affects Joomla! versions 3.5.0 through 3.8.5, where a lack of type casting in a SQL statement in the User Notes list view enables an SQL injection vulnerability. Exploitation could allow a remote attacker to execute arbitrary SQL commands on the affected system (per connected adviso...
[20180301] - Core - SQLi vulnerability User Notes
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view...