7 matches found
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
PT-2024-21045 · Pimcore · Pimcore Admin Classic Bundle
Name of the Vulnerable Software and Affected Versions: pimcore/admin-ui-classic-bundle versions prior to 1.3.4 Description: A potential security issue has been discovered in the pimcore/admin-ui-classic-bundle. The issue involves a Host Header Injection in the invitationLinkAction function of the...
Strapi Security Vulnerabilities
Strapi is an open source content management system CMS. A security vulnerability exists in Strapi Protected Populate Plugin versions prior to 1.3.4. An attacker could exploit the vulnerability to populate certain fields...
CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...
PT-2019-14678 · Unknown +1 · Libiec61850 +1
Name of the Vulnerable Software and Affected Versions: libIEC61850 versions prior to 1.3.4 Description: The issue is related to a use-after-free in the MmsServer waitReady function located in the mms/iso mms/server/mms server.c file. This can be demonstrated using the server example goose...
CVE-2018-7776
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data...
CVE-2018-7773
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...