
6 matches found

CNNVD
added 2026/05/02 12:0 a.m., 3 views

WordPress plugin Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 8:34 p.m., 1 views

CVE-2021-38710

Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...

6.1 CVSS, 6.4 AI score, 0.0024 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/05/22 7:37 a.m., 25 views

CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...

7.5 CVSS, 6.5 AI score, 0.00476 EPSS
Exploits: 1, References: 2
Packet Storm
added 2023/04/06 12:0 a.m., 237 views

ERPNext 12.29 Cross Site Scripting

Exploit Title: ERPNext 12.29 - Cross-Site Scripting XSS Date: 7 Feb 2023 Exploit Author: Patrick Dean Ramos / Nathu Nandwani / Junnair Manla Github - https://github.com/patrickdeanramos/CVE-2022-28598 Vendor Homepage: https://erpnext.com/ Version: 12.29 CVE-2022-28598 Summary: Stored cross-site...

6.1 CVSS, 6.4 AI score, 0.05888 EPSS
Exploits: 4
CNNVD
added 2021/08/18 12:0 a.m., 1 views

Github yclas cross-site scripting vulnerability

Github yclas is a powerful script that can convert any domain into a fully customizable classified ads site in seconds. A cross-site scripting vulnerability exists in Yclas version 4.3.0, which stems from the fact that the software's install/view/form.php does not validate and escape the SITENAME...

6.1 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits: 0, References: 1
Prion
added 2012/02/07 9:55 p.m., 11 views

Directory traversal

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/printform.php; or (2) loadform.php, (3) viewform.php, or (4) trendform.php in interface/patientfile/encounter...

3.5 CVSS, 6.9 AI score, 0.08415 EPSS
Exploits: 1, References: 10, Affected Software: 1