WordPress Simple Popup Manager plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Simple Popup Manager versions = 1.3.5...

Cross site scripting

A cross-site scripting XSS vulnerability in /admin/listkey.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Design/Logic Flaw

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk parameter in the update request being transmitted to the operating system's package manager...

CVE-2022-31830

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery SSRF via the init function at ImageCapture.class.php...

CVE-2022-31830

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery SSRF via the init function at ImageCapture.class.php...

Server side request forgery (ssrf)

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery SSRF via the init function at ImageCapture.class.php...

CVE-2022-31830

CVE-2022-31830 affects Kity Minder v1.3.5 and is a Server-Side Request Forgery (SSRF) in the init function of ImageCapture.class.php. The CVSS/metrics indicate a network, low-credibility-required, high-impact issue with partial confidentiality and integrity impact (CVSS‑3.1: 9.1, CRITICAL). No re...

CVE-2021-27112

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...

CVE-2021-27112

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...

Remote code execution

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...

CVE-2021-27112

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...

Pagelayer < 1.3.5 - Multiple Reflected Cross-Site Scripting (XSS)

Multiple Cross-Site Scripting issues, via the font-size and color parameters of the Website Settings, were fixed in v1.3.5 of the plugin...

OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability

Document Title: =============== OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1868 Release Date: ============= 2016-07-04 Vulnerability Laboratory ID VL-ID: ==================================== 186...

PunBB Automatic Image Upload 1.3.5 Delete File

!/usr/bin/perl 0-Day PunBB Automatic Image Upload $AllowDelete = "Members"; use LWP::UserAgent; use HTTP::Cookies; my $UserName,$PassWord,$DirectoryFile,$DeleteFile = @ARGV; if@ARGV 'Mozilla/5.0', maxredirect = 0, cookiejar = $Cookies, or die $!; sub Login my $Login =...