116 matches found
WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: CodeBard's Patron Button and Widgets for Patreon; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47524; Patch priority: High; CVSS severity: High (5.8); Developer: Codebard; PSID: 00014dfb79a5...
CVE-2023-45554
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg, gif, and png to jpg, jpeg, gif, png, pphphp...
PT-2023-29571 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzzCMS version 2.1.9 Description: The issue allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg, gif, and png to jpg, jpeg, gif, png, pphphp. This enables the attacker to potentially...
PT-2023-29572 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzzCMS version 2.1.9 Description: The issue allows a remote attacker to execute arbitrary code via a crafted file to the down url function in the zzz.php file. This enables the attacker to potentially gain control over the system...
emlog Security Vulnerability
emlog is a PHP and MySQL based CMS website builder from the individual developer of emlog. A security vulnerability exists in emlog version 2.1.9 that allows arbitrary files to be deleted via admin emplate.php...
PT-2023-18841 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum WordPress plugin versions prior to 2.1.9 Description: The issue is related to a Reflected Cross-Site Scripting vulnerability. It occurs because the plugin does not escape some request parameters while in debug mode...
SoftExpert Suite Cross-Site Scripting Vulnerability
SoftExpert Suite is a regulatory compliance software solution from SoftExpert Brazil. A security vulnerability exists in SoftExpert Suite version 2.1.9. An attacker could exploit the vulnerability to perform cross-site scripting attacks...
PT-2023-24372 · Softexpert · Softexpert Excellence Suite
Name of the Vulnerable Software and Affected Versions: SoftExpert Excellence Suite version 2.1.9 Description: The issue is related to Cross Site Scripting (XSS) and can be exploited via query screens. This means an attacker could potentially inject malicious scripts into the website, which would th...
CVE-2023-23657
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin = 2.1.9 versions...
SUSE CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack...
WordPress plugin WP-Paginate Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Rockoa Xinhu Information Disclosure Vulnerability
Rockoa Xinhu is a PHP-based office automation (OA) system from China's Xinhu Rockoa. Rockoa Xinhu version 2.1.9 has an information disclosure vulnerability: when the ajaxbool value is manipulated to true, an attacker can obtain sensitive information by exploiting the vulnerability...
UBUNTU-CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
Tautulli 2.1.9 Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service', 'Description' = 'Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the...
e107_admin/comment.php file cross-site scripting vulnerability
e107 is a free, open source, PHP and MySQL based Content Management System (CMS) from the e107 team. A cross-site scripting vulnerability exists in the e107_admin/comment.php file in e107 v2.1.9. The vulnerability stems from the web application lacking proper validation of client-side data. An...
Catfish Blog v2.1.9 suffers from a file upload vulnerability
Catfish Blog is a specialized system for building blogs. A file upload vulnerability exists in Catfish Blog v2.1.9, which can be exploited by an attacker to gain control of the web server...
Django Cross-Site Scripting Vulnerability (CNVD-2019-16528)
Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system and so on. A cross-site scripting vulnerability exists in Django versions 1.11 before 1.11.21, 2.1 before...
UBUNTU-CVE-2019-12308
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...
Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 2.1.9-alt1
March 13, 2019 Vitaly Lipatov 2.1.9-alt1 - new version 2.1.9 with rpmrb script - includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505 - CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...