6 matches found
PT-2022-13119 · WordPress · Customize WordPress Emails/Alerts
Name of the Vulnerable Software and Affected Versions: The Customize WordPress Emails and Alerts WordPress plugin versions prior to 1.8.7. Description: The issue concerns a lack of authorization and CSRF checks in the bnfw search users AJAX action. This allows any authenticated user to call the...
CVE-2010-5320
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify...
CVE-2013-4624
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName,...
CVE-2009-3486
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachab...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachab...