72 matches found
XSS in the review coverage resource through the committerFilter parameter - CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. Affected versions: version < 4.8.2 Fixed versions: 4.8.2 4.9.0...
PT-2019-13989 · Modern Tribe · The Events Calendar
Name of the Vulnerable Software and Affected Versions: the-events-calendar plugin versions prior to 4.8.2. Description: The issue is related to a Cross-Site Scripting (XSS) flaw. The tribe paged URL parameter is vulnerable to XSS attacks. Recommendations: For versions prior to 4.8.2, update to versi...
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: FlightPath 4.8.2 & 5.0-rc2 - Local File Inclusion Exploit Author: Mohammed Althibyani Vendor Homepage: http://getflightpath.com Software Link: http://getflightpath.com/project/9/releases Version: 4.8.2 & 5.0-rc2 Tested on: Kali...
openSUSE Security Update : phpMyAdmin (openSUSE-2018-669)
This update for phpMyAdmin fixes multiple issues. Security issues fixed : - CVE-2018-12613: File inclusion and remote code execution attack (boo#1098751) - CVE-2018-12581: XSS in Designer feature (boo#1098752) This update to version 4.8.2 also contains a number of upstream bug fixes and improvements...
Security update for phpMyAdmin (important)
This update for phpMyAdmin fixes multiple issues. Security issues fixed: CVE-2018-12613: File inclusion and remote code execution attack (boo#1098751); CVE-2018-12581: XSS in Designer feature (boo#1098752). This update to version 4.8.2 also contains a number of upstream bug fixes and improvements...
CVE-2018-12581
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature...
Wordpress <= 4.8.2 SQL Injection POC
Author: Ambulong@vulspy I found this vulnerability after reading slavco’s post, and reported it to Wordpress Team via Hackerone on Sep. 2nd, 2017. But, unfortunately, WordPress team didn’t pay attention to this report too. SQL Injection Details Wordpress SQLi by slavco Wordpress SQLi — PoC by...
WordPress <= 4.8.2 Weak Password Hash Algorithm
WordPress uses a weak MD5 password hashing algorithm.
wordpress -- multiple issues
WordPress developers report: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins a...
WordPress <= 4.8.2 - $wpdb->prepare() Weakness
Description: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from...
WordPress plugin editor cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up a personal blog site on a server running PHP and MySQL. The plugin editor is one of its components. A cross-site scripting vulnerability exists in the plugin editor in...
WordPress SQL Injection Vulnerability (CNVD-2017-31384)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress versions prior to 4.8.2. A remote attacker can exploit the...
SQL injection
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...
CVE-2017-14718
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL...
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...
CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...